Date: Sat, 18 Nov 2000 11:04:55 -0600 (CST) From: Mike Silbersack <silby@silby.com> To: Jesper Skriver <jesper@skriver.dk> Cc: Alfred Perlstein <bright@wintelcom.net>, hackers@FreeBSD.ORG Subject: Re: React to ICMP administratively prohibited ? Message-ID: <Pine.BSF.4.21.0011181102540.52996-100000@achilles.silby.com> In-Reply-To: <20001118155446.A81075@skriver.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 18 Nov 2000, Jesper Skriver wrote: > On Fri, Nov 17, 2000 at 02:29:04PM -0800, Alfred Perlstein wrote: > > > > Probably not, what if one started a stream of spoofed ICMP lying > > about the state of the route between the two machines? I have > > the impression that the Linux box wouldn't be able to connect > > because of this behavior. > > Correct, a attacker could in theory make sure we couldn't connect to > a given remote box, but as I see it, it's mostly in teory. > > We could only react to this if we had a TCP session where we was > waiting for a SYN/ACK from this specific host, this only leaves a very > narrow window for a attacker to abuse, as he had to know both > destination and time. > > Do you agree ? > > /Jesper Well, if you honor such messages, don't you have to honor them in the middle of a connection too? Then you could cause a connection drop at any time. It would seem simpler to have the ISP in question use proper RST responses, or just stop filtering totally. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0011181102540.52996-100000>