Re: tlug: Now, ain't this really odd??!!

[Scott Stone <sstone@example.com>]

On Tue, 1 Sep 1998, Chris Sekiya wrote:

> On Tue, 1 Sep 1998, Jonathan Byrne - 3Web wrote:
> 
> > What's a teardrop attack, and what steps need to be taken to prevent it?
> 
> The teardrop attack takes advantage of a bug in the IP defragment code in
> kernels before 2.0.31 (I don't remember which 2.1-series kernels were
> vulnerable).  Causes a kernel buffer overrun, which results in either a
> reboot or a halt. 
> 
> The quick fix is to turn off "Always defragment IP packets" in the kernel
> config.  The proper fix is to go to a newer kernel (however, I understand
> that variations of this attack work on newer kernels as well).
> 
> As with all exploits, more information is available at
> http://www.rootshell.com (I dislike giving free press to these guys, but
> information should be free and all that).

Actually, there was a SECOND teardrop-alike attack discovered as well, and
kernels up through 2.0.33 are vulnerable to it.  

--------------------------------------------------
Scott M. Stone <sstone@example.com, sstone@example.com>
               <sstone@example.com>
Head of TurboLinux Development/Systems Administrator
Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan)
http://www.pht.com		http://armadillo.pht.co.jp
http://www.pht.co.jp	        http://www.turbolinux.com


--------------------------------------------------------------
Next Nomikai: 18 September, 19:30 Tengu TokyoEkiMae 03-3275-3691
Next Meeting: 10 October, Tokyo Station Yaesu central gate 12:30
--------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp