Greetings and Salutations:

On 4/10/04 8:23 AM, "Darren Reed" <avalon@caligula.anu.edu.au> wrote:

> In some mail from gandalf@digital.net, sie said:
>> I work at many other places than on my own personal computers. I would like
>> to know if attacks might affect any number of computers. I am a computer
>> professional.
>
> And if so, surely any place where you see "Windows 9*/ME" should bring a
> "you need to start planning on upgrading/replacing these with 2K/XP, if
> you haven't already." styled response.

Yup. Been there, did that. Small businesses have a hard enough time justifying doing maintenance, much less buying new equipment.

>> Or program with queues that drop packets in a FIFO fashion that have enough
>> memory that an attack will still allow fragmented packets to be serviced.
>> You can (at least) make it harder to DoS a machine.
>
> If the time an entry stays in the queue is less than the time required
> for reassembly to occur then even a FIFO will not suffice as an adequate
> algorithmic countermeasure. There are solutions to this too, but this
> is just to say that it's more complex than "throw this data structure
> in to fix."
>
> Darren

Agree 100% that a simple data structure will not fix this problem. But it is a start.

I would also say that in this case a "standard" (i.e. RFC) for fragmentation reassembly should be written to take all of the diverse ways that fragments are handled and standardize them. Again I am amazed that every machine I hit with fragments seems to have a different effect on the machine than the last machine I tested against.

Ken

---------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and quick to anger.
Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
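Added example, not part of the thread above: a toy reassembly table that combines the bounded FIFO Ken proposes with the per-entry lifetime Darren mentions, so the two failure modes can be seen side by side (a flood of never-completed datagrams pushing a legitimate entry out of the FIFO, and a lifetime shorter than the gap between a datagram's fragments expiring it before it can complete). All names, timings and packet contents are constructed for the demonstration.

```python
from collections import OrderedDict

class ReassemblyTable:
    """Toy fragment reassembly table: bounded FIFO plus per-entry lifetime (constructed example)."""
    def __init__(self, max_entries, lifetime):
        self.max_entries = max_entries  # in-progress datagrams held at once
        self.lifetime = lifetime        # seconds an entry may wait for its fragments
        self.table = OrderedDict()      # datagram id -> state; insertion order is the FIFO
        self.completed = {}             # datagram id -> reassembled payload
        self.dropped = 0                # entries evicted (FIFO or timeout) before completion

    def _expire(self, now):
        for did in [d for d, e in self.table.items() if now - e["first"] > self.lifetime]:
            del self.table[did]
            self.dropped += 1

    def fragment(self, now, did, offset, data, last=False):
        self._expire(now)
        if did not in self.table:
            if len(self.table) >= self.max_entries:  # table full: FIFO drops the oldest entry
                self.table.popitem(last=False)
                self.dropped += 1
            self.table[did] = {"first": now, "frags": {}, "end": None}
        e = self.table[did]
        e["frags"][offset] = data
        if last:
            e["end"] = offset + len(data)
        pos = 0                                      # complete only when [0, end) has no gaps
        for off in sorted(e["frags"]):
            if off != pos:
                return None
            pos += len(e["frags"][off])
        if e["end"] is None or pos != e["end"]:
            return None
        self.completed[did] = b"".join(e["frags"][o] for o in sorted(e["frags"]))
        del self.table[did]
        return self.completed[did]

def simulate(lifetime, max_entries, junk):
    """One legitimate datagram in two fragments 3 s apart, with `junk` half-datagrams in between.
    Returns (reassembled legit payload or None, number of entries dropped)."""
    t = ReassemblyTable(max_entries, lifetime)
    t.fragment(0.0, "legit", 0, b"hello ")
    for i in range(junk):                            # first fragments whose datagrams never finish
        t.fragment(1.0 + i * 0.01, f"junk{i}", 0, b"x")
    t.fragment(3.0, "legit", 6, b"world", last=True)
    return t.completed.get("legit"), t.dropped
```

With a roomy table and a 10 s lifetime the legitimate datagram completes; with only two slots the junk entries push it out of the FIFO, and with a 2 s lifetime it expires before its second fragment arrives, which is exactly the case where the FIFO alone does not help.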