IP Fragmentation and Reassembly.
- Adversary can flip fields or fragments in an IP packet.
- Premature assembly (look at packets coming in, one signals the last packet. If you miss some packets, then you wait to receive it. If message is received which says you have everything, you try (and keep trying) to reassemble. Form of DOS.
- Message indicates you must wait for data. Then more data comes than you can store or reassemble (DOS).
- Fragmentation Border Cases
- IP packet max length 2^16. Fragmentation offset is 2^13.
- You only realize you are out of memory when the specified packet size turns out to be smaller than what is actually transmitted.
- Suggests a buffer overflow then occurs, seems like that only applies to shit code practices.
- Ping of death
- Spam prevention avoids spoofed IP addresses by checking if sending IP is one actually associated with organization (?)
- DNS mostly runs on UDP for speed.
- Google tries to be roughly around 8ms from you (source?)
- UDP is spoofable because it misses a handshake.
- DNS requests have no encryption. Anyone by which your request passes can know what you're trying to access.
- All applications making requests can also be recorded and used to build profiles based on the accessed sites.
- DNS hijacking starts with attacker asking for where is a site. While it is busy looking up a site, the adversery spoofs an address and sends it to your ISP and they cache it thinking it is correct.
- Can impersonate DNS if you have the right identifier number. Used to be an increment in implementation. So one could ask their own server for a loopup, it then asks official server which sends it data + counter value. Then you spoof counter value to trick it and poison the cache.
- Randomized requires only 2^16 guesses, so not that secure at all.
- Attack called (Kaminsky?) attempts to send more records to a server than it asked for or something, poisoning it.