Tweet
I have an idea, but I am not sure if it would work. Is it possible to put multiple tcp/ip headers into one ethernet frame, and have them read in as multiple packets? This may have multiple uses, not the least of which a possible buffer overflow with (insert OS here) using the minimum space (insert amount of headers here) would need, all in one frame, no need for a connection. This could also help in the way that is multiple packets are in the que to be moved to the same address, putting them all in the same frame would eliminate the need for (insert amount of packets here minus one) ethernet headers, and could supply a network traffic decrease, even if only a small one. Does this have any possibility at all or am I just daydreaming?
-
There once was a Windows box with no firewall. Keyword is, there once was.
-
Though you could have the payload of a TCP packet be another TCP packet (this is *sort of* how you may envision tunneling or encapsulation) and it is theoretically possible to have many layes of tunneling, in reality each layer's associated packet has one header for its session. Each tunnel is effectively another session.Originally posted by Hextic
For each session, the headers used by the layer processing the message are limited to the specs of that layer's protocol. For TCP, IP, UDP, and various Ethernet/802.x these are well defined to use fixed bit-width fields, or dynamic header sizes based on other header information at fixed bit locations early in the frame/header.
For each layer's processing (tcp, udp, ip), there is one header. Payload is payload, header is header. Protocols usually specify ignoring payload contents except for checksum computation (as necessary) and size. Putting another header in payload causes that "header" to be ignored. Violating the specification of the protocol by creating a "second header" should cause the packet to be considered "invalid" and not parsed further.
What you describe is sort-of, kind-of like the basis for the early attacks in implementations of the IPv4 TCP/IP suite of protocols. "Oversized" packets, "Undersized" packets, and utilization of OS failing to verify validity of reassembled, previously fragmented packet lead to DoS scripts.This may have multiple uses, not the least of which a possible buffer overflow with (insert OS here) using the minimum space (insert amount of headers here) would need, all in one frame, no need for a connection.
I do not see how this would be possible if the OS vendors follow the requirements of the protocols.*Does this have any possibility at all or am I just daydreaming?
* However, there are people here with more skill than me... ]:>
Comment