RFC3514

Comments?

(Nice to see Mr. Bellovin keeping up the holiday tradition ... :))

Scott Francis wrote:

Comments?

(Nice to see Mr. Bellovin keeping up the holiday tradition ... :))

Yep.

" Fragments that by themselves are dangerous MUST have the evil bit
    set. If a packet with the evil bit set is fragmented by an
    intermediate router and the fragments themselves are not dangerous,
    the evil bit MUST be cleared in the fragments, and MUST be turned
    back on in the reassembled packet."

There are no guidelines for specifying how the router will determine if the fragments themselves are dangerous. An attacker may carefully design the evil packet with the expectation of fragmentation, allowing the fragments themselves to be the tool of the attack. It is therefore recommended that all fragments of a packet with the evil bit set should also have the evil bit set when fragmentation is performed by an intermediate router incapable of determining the dangerous nature of the packets.

:slight_smile:

-Jack
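The fragmentation rule Jack is picking at, worked as an added example (this is constructed illustration code, not from the thread or from RFC 3514): RFC 3514 places the evil bit in the high-order, otherwise reserved, bit of the IPv4 flags/fragment-offset word, so a parser can read it directly; `fragment()` models an intermediate router that either copies the bit into every fragment, as Jack recommends, or clears it as the RFC text says. Addresses and payload are constructed.

```python
import struct

# Constructed example, not code from the thread or from RFC 3514. RFC 3514 puts the
# evil bit in the high-order (reserved) bit of the IPv4 flags/fragment-offset word.
EVIL_BIT, DF_BIT, MF_BIT, OFFSET_MASK = 0x8000, 0x4000, 0x2000, 0x1FFF

def checksum(hdr: bytes) -> int:
    """Standard IPv4 header checksum; returns 0 over a header whose checksum field is correct."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(ident, frag_word, payload, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02", proto=17):
    """Assemble a 20-byte-header IPv4 packet (constructed addresses, no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, frag_word, 64, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # checksum sits at bytes 10-11
    return hdr + payload

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fields a filter needs, including the evil bit, from a raw IPv4 packet."""
    ver_ihl, _tos, total_len, ident, word, _ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"ihl": ihl, "id": ident, "proto": proto, "src": src, "dst": dst,
            "evil": bool(word & EVIL_BIT), "df": bool(word & DF_BIT), "mf": bool(word & MF_BIT),
            "offset": (word & OFFSET_MASK) * 8, "payload": packet[ihl:total_len]}

def fragment(packet: bytes, mtu: int, inherit_evil: bool = True) -> list:
    """Fragment at an intermediate router. inherit_evil=True is Jack's recommendation (a router that
    cannot judge the fragments copies the bit into all of them); False clears it as the RFC text says."""
    h = parse_ipv4(packet)
    if h["df"]:
        raise ValueError("DF set: packet must not be fragmented")
    chunk = (mtu - h["ihl"]) // 8 * 8            # fragment offsets are in 8-byte units
    if chunk <= 0:
        raise ValueError("MTU too small for a fragment")
    evil = EVIL_BIT if (h["evil"] and inherit_evil) else 0
    data, frags = h["payload"], []
    for off in range(0, len(data), chunk):
        piece = data[off:off + chunk]
        last = off + chunk >= len(data)
        mf = 0 if (last and not h["mf"]) else MF_BIT   # keep MF if the input was itself a fragment
        word = evil | mf | ((h["offset"] + off) // 8)
        frags.append(build_ipv4(h["id"], word, piece, h["src"], h["dst"], h["proto"]))
    return frags

def evil_fragments(packets) -> int:
    """Defender-side count of evil-bit packets seen on the wire (what a filter would drop)."""
    return sum(1 for p in packets if parse_ipv4(p)["evil"])
```

With the RFC's own rule (`inherit_evil=False`) a filter that keys on the bit sees zero evil fragments, which is exactly the gap Jack describes.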

Comments?

(Nice to see Mr. Bellovin keeping up the holiday tradition ... :))

Will this require any modification to existing RFC2321 troubleshooting
agents?

Eric :slight_smile:

Hmmm.... Must be 4/1 again.

Owen

Owen DeLong wrote:

Hmmm.... Must be 4/1 again.

Owen

Well, you weren't taking it seriously, I hope. lol

-Jack

Nope. I was somewhat concerned at first, then, I realized there was no
way this drivel came from Steve Bellovin. Then, I looked at the calendar.

Owen

Hmmm.... Must be 4/1 again.

Well, you weren't taking it seriously, I hope. lol

http://lists.FreeBSD.org/pipermail/cvs-all/2003-April/001098.html

No, the beauty of this is that it is declarative in nature.
That means that unless there is some law saying that this
transaction is different because it went over this protocol
as opposed to that one. And while Steve is clearly
poking fun at the concept that one protocol is different
from another, this is true and is becoming more so every
day. So this is not so out of touch perhaps.

Todd Glassey