Hello, welcome to the Thursday, September 13th, 2018 edition of the Sansonet Storms and a Stormcast.

My name is Johannes Ulrich, and I am recording from Jacksonville, Florida.

Yesterday, I mentioned how Microsoft is part of its Tuesday patches, released advisory suggesting to turn off the reassembly of out-of-order fragments.

Well, I took a couple minutes today and checked how current operating systems actually deal with out-of-order fragments and overlaps.

Turns out that pretty much everybody still does deal with

overlapping fragments and reassembles them, but Windows 10 was sort of the outlier I found

that does reject packets with overlapping fragments. So this could affect your IDS configuration in some cases.

On the other hand, I also did look a little bit into more depth,

how much fragments you'll see in general.

And, well, as mentioned yesterday,

you're probably not going to see much outside of DNS.

So take a look at this and maybe you'll be okay just blocking all fragments on your firewall other than packets going to your

recursive DNS server. And as far as the DNS servers go, you may be able to get rid of

all fragmentations that's coming to these DNS

servers if you're limiting your extended DNS option zero size to something reasonable that

probably doesn't get fragmented, like around 1,200 or 1,300 bytes.

And the Magecard skimmer JavaScript is currently going around and affecting numerous websites,

including high-profile websites like British Airways.

These JavaScript skimmers are usually injected on payment pages.

They're waiting for the user to enter a credit

card account number or similar information and then report that number back to the attacker

without really disrupting the actual functioning of the website. So all it essentially is is a little bit

...