Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Jerry Feldman wrote: > David Kramer <david at thekramers.net> wrote: >> The IP envelope contains the total length of the datagram. What would >> happen if that number were larger or smaller than the real length? > > I think the network layer in most implementations has been purged of > buffer overflow issues. Most likely, the affected packet would simply > be discarded... Or corrected. I believe modern software firewalls, like iptables, perform a number of sanity checks on packets before they hit the kernel. For example, here's a recent log entry triggered by iptables when it didn't like the window size specified in a packet: ... TCP: Treason uncloaked! Peer 192.168.0.200:873/59982 shrinks window 1150916075:1150916611. Repaired. -Tom -- Tom Metro Venture Logic, Newton, MA, USA "Enterprise solutions through open source." Professional Profile: http://tmetro.venturelogic.com/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |