|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Firewall stateful handling of ICMP packets
On Wed, 03 Dec 2003 15:57:37 PST, Owen DeLong <[email protected]> said: > around. (In fact, I'm hard pressed to imagine how a Frag needed packet > for an invalid session could do much of anything). You can use a forged 'frag needed' to stomp an existing connection of the victim's down to 64 byte MTU or similar silliness, but other than sheer "it's a packet" DDoS effects, I can't think of a malicious use for one for an invalid session either.... Attachment:
pgp00008.pgp
|