[e2e] Legal fragment sizes

[David P. Reed]

I'd bet there is at least one IP stack that would overwrite kernel 
memory if you play this trick on it.   :-)

Somebody who wanted to test this hypothesis could start sending lots of 
these "extreme" packets out to random addresses, followed by tests to 
see if the addressed computers crash (ping every second for five seconds).

Probably you should consult your lawyer before carrying out this 
experiment, if you don't work for the security dept. of the organization 
you are probing.

Jeno Jeno wrote:
> Oops, I forgot the units for fragment-offset field and total
> length. Yes, whatever you have mentioned should be
> possible.
>
> On 5/17/06, *Jeno Jeno* < su.jeno at gmail.com 
> <mailto:su.jeno at gmail.com>> wrote:
>
>     The fragment-offset field is just 13-bits. So you cannot
>     specify a fragment offset of ~64k.
>
>
>     On 5/16/06, *Fernando Gont* < fernando at gont.com.ar
>     <mailto:fernando at gont.com.ar>> wrote:
>
>         Folks,
>
>         I was going through the IP specs, and there was a point on which
>         there seems to be some ambiguity (or, well, at least it's not that
>         clear to me). I wonder what your interpretation is.
>
>         Is the maximum "legal" IP payload defined by "Total_Length -
>         IP_Header" ( i.e., around 65K), or should it be considered to
>         be the
>         maximum payload that can be encapsulated, by using the "trick"
>         described bellow? (i.e., which would then result in a maximum
>         payload
>         size of around 128K)
>
>         (The "trick" would be to send a ~65K fragment with the MF bit set,
>         followed by a second 65K fragment with an offset of ~65K)
>
>         Thanks!
>
>         --
>         Fernando Gont
>         e-mail: fernando at gont.com.ar <mailto:fernando at gont.com.ar> ||
>         fgont at acm.org <mailto:fgont at acm.org>
>         PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>
>
>
>
>
>
>