Re: Possible ip_defrag DoS ?
From: Patrick McHardy <hidden>
Date: 2003-02-16 20:26:04
Also in:
netfilter-devel
Harald Welte wrote:
> On Sun, Feb 16, 2003 at 01:38:56PM +0100, Patrick McHardy wrote:
>> Interestingly, it seems Linux defragmentation is vulnerable to a DoS attack. The evictor (called before defragmentation) just kills the oldest entry of each hash slot, starting with 0 until memory is below sysctl_ipfrag_low_thresh. By sending enough fragments (>sysctl_ipfrag_high_thresh) which hash to the highest bucket you can stop reassembly of valid packets.
>
> I'm forwarding this (from netfilter-devel) to the linux networking developers at netdev@oss.sgi.com. If your assumption is valid, they might want to have a look at this... thanks.
Hi Harald,

it seems this was not (entirely) correct: the evictor only kills the last member of each hash slot and then moves on. Still, assuming the hash function is good, there is a good chance we can disturb reassembly noticeably.

Patrick
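A toy model of the evictor behaviour discussed in this thread, added here as an illustration; it is not code from the thread or from the kernel. The bucket count, the thresholds and the one-unit memory cost per queue are constructed assumptions, and the eviction order follows the reading in the reply (one victim per slot per pass, sweeping from slot 0).

```python
from collections import deque


class FragTable:
    """Constructed model of a fragment-queue hash table with a global
    memory counter. Each queue costs one unit; the kernel counts bytes."""

    def __init__(self, nbuckets, high_thresh, low_thresh):
        self.buckets = [deque() for _ in range(nbuckets)]  # oldest at left
        self.high, self.low = high_thresh, low_thresh
        self.mem = 0

    def evict(self):
        """Sweep the slots from 0 upwards, killing the oldest queue of each
        non-empty slot and moving on, until memory is at or below low_thresh."""
        while self.mem > self.low:
            freed = 0
            for slot in self.buckets:
                if self.mem <= self.low:
                    break
                if slot:
                    slot.popleft()
                    self.mem -= 1
                    freed += 1
            if not freed:  # table empty, nothing left to reclaim
                break

    def new_queue(self, bucket, owner):
        """Start a reassembly queue; the evictor runs first when memory is
        above high_thresh, as the thread describes."""
        if self.mem > self.high:
            self.evict()
        self.buckets[bucket].append(owner)
        self.mem += 1


def legit_survivors(nbuckets, high, low, flood, flood_bucket):
    """One legitimate queue per slot, then `flood` extra queues that all
    hash to `flood_bucket`; returns how many legitimate queues remain."""
    table = FragTable(nbuckets, high, low)
    for b in range(nbuckets):
        table.new_queue(b, "legit")
    for _ in range(flood):
        table.new_queue(flood_bucket, "flood")
    return sum(slot.count("legit") for slot in table.buckets)
```

With 8 slots and thresholds 16/8, the legitimate queues survive until the flood pushes memory past high_thresh; the first eviction pass then discards one queue from every slot, which is each slot's only legitimate entry.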