Re: iSCSI: Text request/response spanning - security issue?

To: "Mallikarjun C." <cbm@rose.hp.com>
Subject: Re: iSCSI: Text request/response spanning - security issue?
From: Luben Tuikov <luben@splentec.com>
Date: Thu, 28 Mar 2002 20:40:23 -0500
CC: iSCSI <ips@ece.cmu.edu>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Organization: Splentec Ltd.
References: <3CA3B17F.B5299568@splentec.com> <012601c1d6b9$f4fe87e0$edd52b0f@rose.hp.com>
Sender: owner-ips@ece.cmu.edu

"Mallikarjun C." wrote:
>
> The expectation is that implementations will set the right timeouts
> to detect and get out of these conditions.  The state transitions
> (chapter 5) allow these timeouts as legal events that could cause a
> Login failure.  Also take a look at section 6.8, which deals with
> timeouts in text negotiations.

This isn't a timeout issue at all (but it is a DoS attack).

The Text Requests can come at the right time,
and none of them may have a 0x00 in it's payload
to indicate end of key=value pair. This will
drain the node's memory.

There needs to be a limitaion (somehow) on how long
a key=value could ever be (spanning or not).
Negotiated or not.

"Buffer overrun" rings a bell.

-- 
Luben

Follow-Ups:
- Re: iSCSI: Text request/response spanning - security issue?
  - From: "Mallikarjun C." <cbm@rose.hp.com>

References:
- Text request/response spanning - security issue?
  - From: Luben Tuikov <luben@splentec.com>
- Re: iSCSI: Text request/response spanning - security issue?
  - From: "Mallikarjun C." <cbm@rose.hp.com>

Prev by Date: Re: iSCSI: Text request/response spanning - security issue?
Next by Date: Re: iSCSI: Text request/response spanning - security issue?
Prev by thread: Re: iSCSI: Text request/response spanning - security issue?
Next by thread: Re: iSCSI: Text request/response spanning - security issue?
Index(es):
- Date
- Thread

Home

Last updated: Thu Mar 28 21:18:18 2002
9372 messages in chronological order