On 2014-08-19 16:10, Nick Hilliard wrote:
> On 19/08/2014 14:18, Jeroen Massar wrote:
>> But also for ICMPv4, which has similar attacks.
>
> no, it doesn't because in general ipv4 fragments are not dropped. Also,
> ipv4 handles this by fragmenting en-route rather than sending PTB packets
> to the source.

Note the word 'similar' in that sentence. While that specific fragmented attack won't work, one can still spoof return ICMPs and give wrong answers. Anyone remember Rotorouter[1]? :)

Hence, why it is a good idea to do the same checks for IPv4 too and why I avoid mentioning what kind of attack it was solving. It is just good hygiene to check validity of things.

Greets,
 Jeroen

[1] http://www.shmoo.com/mail/bugtraq/aug98/msg00110.html
