Re: [MOD] Returning the ip of a fragmented packet sender

Ken Pizzini (ken@halcyon.com)
Wed, 07 Oct 1998 03:24:47 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Martin Mares: "Re: Diamond Monster 3D PCI problems"
Previous message: Alistair Riddell: "Re: 2.0.36pre patches"
Maybe in reply to: Shaun Wilson: "[MOD] Returning the ip of a fragmented packet sender"

Greaves Tristan TM <tristan.greaves@x400.icl.co.uk> wrote:
> > From: Shaun Wilson [mailto:plexus@ionet.net]
> > Sent: Wednesday, October 07, 1998 12:13 AM
> > To: linux-kernel@vger.rutgers.edu
> > Subject: [MOD] Returning the ip of a fragmented packet sender
> >
> > I figured it would be nice to have the ip of the fool who was
> > doing this,
> > so I could firewall the ip. This information was not
> > recorded anywhere
> > else, so I made an incredibly small mod for
> > net/ipv4/ip_fragment.c that
> > shows the ip of the sender of the fragment.
>
> Remember that most programs that send these fragmented packets allow
> the user to "spoof" their IP. So I'm not sure how much you can trust
> the information you get back.

You can't trust it to be anything meaningful, but it may still be helpful
for short-term filtering. (At least until the attackers start sending a
different sender address in each packet.)

--Ken Pizzini

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Mares: "Re: Diamond Monster 3D PCI problems"
Previous message: Alistair Riddell: "Re: 2.0.36pre patches"
Maybe in reply to: Shaun Wilson: "[MOD] Returning the ip of a fragmented packet sender"