Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IP hack theorizing



Jerry Feldman wrote:
> David Kramer <david at thekramers.net> wrote:
>> The IP envelope contains the total length of the datagram.  What would
>> happen if that number were larger or smaller than the real length?
>
> I think the network layer in most implementations has been purged of
> buffer overflow issues. Most likely, the affected packet would simply
> be discarded...

Or corrected. I believe modern software firewalls, like iptables, 
perform a number of sanity checks on packets before they hit the kernel. 
For example, here's a recent log entry triggered by iptables when it 
didn't like the window size specified in a packet:

  ... TCP: Treason uncloaked! Peer 192.168.0.200:873/59982 shrinks 
window 1150916075:1150916611. Repaired.


  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org