|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Text request/response spanning - security issue?A key=value pair can span multiple Text Request/Response PDU's. A rougue/badly implemented T/I can use this ``feature'' to completely drain the I/T resources and stall its operation. I.e. the node will keep the data and wait indefinitely until 0x00 in order to process the request. If 0x00 is never received, the node will eventually run out of memory. If such an implementation is in kernel space, then after such an attack, the only solution is the big red button. -- Luben
Home Last updated: Thu Apr 04 04:18:25 2002 9478 messages in chronological order |