Subject: Re: [ ipfilter denial of service problem]
To: Mason Loring Bliss <>
From: Quentin Garnier <>
List: tech-security
Date: 01/10/2003 08:38:53
On Thu, 9 Jan 2003 19:20:40 -0500
Mason Loring Bliss wrote:
> This was on BugTraq recently.
> Can someone familiar with ipf's guts explain in more detail what would
> constitute a situation where one is vulnerable to a DOS using this
> method?

Darren answered on BugTraq.

The DOS situation happens when you have a TCP 'keep state' rule that
doesn't require the SYN flag. Thus, a state entry is created with the
bogus ACK packet.

So usually you're safe, since the TCP 'keep state' rules should require
the SYN flag, to have a state entry created only when a connection is

Quentin Garnier -
"Feels like I'm fiddling while Rome is burning down.
Should I lay my fiddle down and take a rifle from the ground ?"
Leigh Nash/Sixpence None The Richer, Paralyzed, Divine Discontents, 2002.
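
The condition described in the message above, as an added example that is not part of the original post: a small Python check that reports TCP 'keep state' rules with no `flags` clause requiring SYN. The sample ruleset is constructed, and the parsing is a simplifying assumption about ipf.conf (one rule per line, `flags S` or `flags S/SA` forms).

```python
# Constructed sample ruleset for illustration (not from the original post).
SAMPLE_RULES = """\
# constructed example rules
block in all
pass in quick on fxp0 proto tcp from any to any port = 22 keep state
pass in quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass in quick on fxp0 proto tcp from any to any port = 25 flags S/SA keep state
pass in quick on fxp0 proto tcp from any to any port = 443 flags A/A keep state
pass out quick on fxp0 proto tcp/udp from any to any keep state
pass out quick on fxp0 proto udp from any to any keep state
pass in quick on fxp0 proto tcp from any to any port = 113 flags S
"""

def is_tcp(tokens):
    """True if the rule's 'proto' value includes tcp (tcp or tcp/udp)."""
    if "proto" not in tokens:
        return False
    i = tokens.index("proto")
    return i + 1 < len(tokens) and "tcp" in tokens[i + 1].lower().split("/")

def keeps_state(tokens):
    """True if the rule contains the two-word option 'keep state'."""
    return any(a == "keep" and b == "state" for a, b in zip(tokens, tokens[1:]))

def requires_syn(tokens):
    """True if a 'flags' clause is present and its set-flags part includes S."""
    if "flags" not in tokens:
        return False
    i = tokens.index("flags")
    if i + 1 >= len(tokens):
        return False
    return "S" in tokens[i + 1].split("/")[0].upper()

def find_risky_rules(text):
    """Return (line number, rule) for TCP keep-state rules that do not require SYN."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        if is_tcp(tokens) and keeps_state(tokens) and not requires_syn(tokens):
            findings.append((lineno, line))
    return findings

if __name__ == "__main__":
    for lineno, rule in find_risky_rules(SAMPLE_RULES):
        print(f"line {lineno}: state created without SYN requirement: {rule}")
```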