Bugtraq mailing list archives
Re: denial of service attack possible
From: fc () all net (Dr. Frederick B. Cohen)
Date: Fri, 27 Oct 1995 17:39:09 -0400
[Denial of service possible by remote host putting multiple connections to a port into the SYN_RCVD state, thereby precluding further (legitimate) connection attempts.]
This is only the very beginning of this issue. Virtually every server around today runs code that has no timeouts on TCP connections. Without timeouts, the other person merely has to wait forever without responding and your server will tie up without end. Do it (5-1024) times and you stuff the service. This also works against most Proxies in firewalls, many Internet gateway services, ISP-provided services, etc. You may also run into the too-many services provided per minute limit, run out of memory while two processes wait for each other to free up the memory they need to finish their task, have open files not shareable between two processes (thus causing a similar denial), and the list rolls on. As long as you're looking at one, you may as well look at the whole suite of problems that go along with it.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
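The mitigation for the missing-timeout problem described in the message above, as an added example that is not part of the original post: a connection handler that gives each peer one whole-request deadline and a server that caps concurrent connections. It covers established connections that stay silent, not the kernel-level SYN_RCVD state; the names, port and limits are assumptions chosen for illustration.

```python
import socket
import threading
import time

REQUEST_BUDGET = 5.0   # assumed: total seconds a peer gets to send one request
MAX_CLIENTS = 64       # assumed: cap on simultaneous connections
MAX_REQUEST = 4096     # assumed: cap on bytes buffered per connection
slots = threading.BoundedSemaphore(MAX_CLIENTS)

def handle(conn, budget=REQUEST_BUDGET):
    """Read one newline-terminated request, echo it, and return the outcome."""
    deadline = time.monotonic() + budget   # whole-request deadline, so a peer
    data = b""                             # dripping bytes cannot reset it
    try:
        while not data.endswith(b"\n"):
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return "timeout"
            conn.settimeout(remaining)
            chunk = conn.recv(1024)
            if not chunk:
                return "closed"            # peer hung up mid-request
            data += chunk
            if len(data) > MAX_REQUEST:
                return "too-long"
        conn.sendall(b"echo: " + data)
        return "ok"
    except socket.timeout:
        return "timeout"                   # silent peer: stop waiting
    finally:
        conn.close()                       # always give the descriptor back

def admit_and_handle(conn, budget=REQUEST_BUDGET):
    """Refuse new work when every slot is busy rather than queue without bound."""
    if not slots.acquire(blocking=False):
        conn.close()
        return "refused"
    try:
        return handle(conn, budget)
    finally:
        slots.release()

def serve(host="127.0.0.1", port=7007):    # assumed address, for illustration
    """Accept loop: one daemon thread per connection, each under the deadline."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=admit_and_handle, args=(conn,),
                             daemon=True).start()
```

The deadline is per request rather than per `recv`, so a peer that sends one byte just before each read would time out cannot hold a slot indefinitely.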