D. Reed, G. Ziemba, and P. Traina. RFC 1858 Security considerations for IP fragment filtering. Oct 1995.
....which should be preferred, but the recommendation is to prefer new data, so that if the algorithm receives data from the same position twice, the new data will overwrite the old. However, not all implementations follow this suggestion: favouring new data introduces great danger, as stated in [23], making it possible to circumvent filtering devices; for this reason some operating systems favour old data. Combining operating systems that favour new data (e.g. 4.4 BSD and Linux) with those that favour old data (e.g. Windows NT 4.0 and Solaris 2.6) introduces an evasion possibility if the IDS ....
....of the first byte of the data it carries, in the data of the entire datagram. The fragment offset is in units of 8 bytes. Thus, the data portion of any IP fragment must be at least 8 bytes in size.

3.2 A Description of the Vulnerability

The vulnerability we describe here is one considered in [ZRT95]. The vulnerability is in the reassembly process as described in [Pos81a]. It is possible that fragments overlap each other when they arrive at the destination. [Pos81a] states that a fragment should overwrite portions of fragments that arrived earlier, that overlap it. If the data in a ....
....not. A vulnerability exists because there is a need to make inferences about the data carried by an entire datagram before it is reassembled at the destination's IP layer. An instance of where this is needed is a packet filter, that attempts to enforce access rules on communication traffic [ZRT95]. A packet filter, situated on a path between the source and destination, might want to disallow TCP connection requests from going through. Packet filters that do not maintain state across fragments of a datagram decide on the fate of a datagram (let through or drop) by imposing the access rules ....
[Article contains additional citation context not shown here]
G. Ziemba, D. Reed, and P. Traina. RFC-1858 Security Considerations for IP Fragment Filtering. Network Working Group, October 1995.