4 Dec
2003
4 Dec
'03
2:13 a.m.
--On Wednesday, December 3, 2003 10:53 PM -0500 Valdis.Kletnieks@vt.edu wrote:
On Wed, 03 Dec 2003 15:57:37 PST, Owen DeLong <owen@delong.com> said:
around. (In fact, I'm hard pressed to imagine how a Frag needed packet for an invalid session could do much of anything).
You can use a forged 'frag needed' to stomp an existing connection of the victim's down to 64 byte MTU or similar silliness, but other than sheer "it's a packet" DDoS effects, I can't think of a malicious use for one for an invalid session either....
Agreed. However, the former pretty much requires knowledge, a lot of packets, or a really lucky set of guesses. Owen -- If it wasn't crypto-signed, it probably didn't come from me.