Return to BSD News archive
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msunews!agate!howland.reston.ans.net!news.cac.psu.edu!news.pop.psu.edu!hudson.lm.com!ivory.lm.com!not-for-mail From: peterb@telerama.lm.com (Peter Berger) Newsgroups: comp.unix.bsd Subject: ICMP Port Unreachable: correct way to deal? Date: 20 Mar 1995 09:03:49 -0500 Organization: Telerama Public Access Internet, Pittsburgh, PA USA Lines: 20 Message-ID: <3kk205$lt5@ivory.lm.com> NNTP-Posting-Host: ivory.lm.com The 4.3 BSD kernel seems to either close a TCP connection or pass an ICMP Port Unreachable message up to the application even when the IP header and the ICMP header don't match. This allows a denial of service attack known as "nuking." I've noticed that the 4.4 kernel is not subject to this; I assume it is discarding such packets at the kernel level. Can anyone give me a vicious shove towards the place in the source code where this comparison and discard is done? I need to patch a 4.3 kernel to resist this sort of thing. Thanks. -- ...................................................................... Peter G. Berger, Esq. Telerama Public Access Internet, Pittsburgh Internet: peterb@telerama.lm.com Phone: 412/481-3505 Fax: 412/481-8568 http://www.lm.com/~peterb