On Tue, Apr 12, 2005 at 02:54:54PM +0200, G.J. Moed wrote:
Zie verder: http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
532967/NISCC/ICMP/2 CVE number: CAN-2004-1060 In the case where a host complies with RFC 1191 ("Path MTU Discovery"), it is possible to use the blind connection-reset attack with a ICMP Type 3 Code 4 packet and the addition of the "next-hop MTU" field in the ICMP header set to a value of 68 (octets) to slow down the transmission rate for traffic from the host. Net even vluchtig doorgelezen. Dit is niet *zomaar* te doen aangezien RFC1191 voorschrijft dat de header + eerste 64 bits van het originele packet worden meegestuurd. Elke sane ip-stack zal daar op controleren. -- Sabri Berisha, - CCNA, JNCIA #747 Internetworking Professional - +31 (0) 6 19890416 http://www.cluecentral.net - http://www.virt-ix.net