*BSD News Article 43521


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msunews!agate!howland.reston.ans.net!news.cac.psu.edu!news.pop.psu.edu!hudson.lm.com!ivory.lm.com!not-for-mail
From: peterb@telerama.lm.com (Peter Berger)
Newsgroups: comp.unix.bsd
Subject: ICMP Port Unreachable: correct way to deal?
Date: 20 Mar 1995 09:03:49 -0500
Organization: Telerama Public Access Internet, Pittsburgh, PA USA
Lines: 20
Message-ID: <3kk205$lt5@ivory.lm.com>
NNTP-Posting-Host: ivory.lm.com

The 4.3 BSD kernel seems to either close a TCP connection or pass an 
ICMP Port Unreachable message up to the application even when the IP
header and the ICMP header don't match.  This allows a denial of service
attack known as "nuking."

I've noticed that the 4.4 kernel is not subject to this; I assume it is
discarding such packets at the kernel level.  Can anyone give me a 
vicious shove towards the place in the source code where this comparison
and discard is done?  I need to patch a 4.3 kernel to resist this sort
of thing.

Thanks.



-- 
......................................................................
  Peter G. Berger, Esq.  Telerama Public Access Internet, Pittsburgh
Internet: peterb@telerama.lm.com Phone: 412/481-3505 Fax: 412/481-8568
	   	 	http://www.lm.com/~peterb