Bugtraq mailing list archives
Re: TCP SYN probe detection tool available
From: jadestar () netcom com (JaDe)
Date: Thu, 16 May 1996 09:58:22 -0700
I am afraid I do not read other security lists besides this one (I glance at Linux-alert and Linux-security occasionally when linux.dev.* mentions something). And of course stuff like cert-advisory, but in none of these have I seen what actually can be done with SYN packets... Could someone explain this? $) Henri
SYN packets signal a request to open/negotiate a new session -- the problem arises when an attacker forges a series of packets that all have the SYN flag set. The recipient host can easily overflow its kernel structures in its effort to negotiate all of these "connection requests." This amounts to a denial of service attack (bad or badly configured kernels may panic or may start "thrashing" -- good kernels have a limit -- either way the machine is temporarily "off the net" (unable to carry on useful TCP/IP communications)).

This is _at_best_ a gross oversimplification and may be in error on some points. I'm not a TCP/IP programmer or a kernel hacker. I guess there is some sort of timeout.

Basically detecting these attacks is a matter of heuristics. Ideally one would have a programmable router that would monitor TCP sessions (state monitoring) and would log, alert and deny packets from a host/site that appeared to be utilizing too much of a machine's TCP resources.

This issue has been held forth as evidence that IPv4 can't be made sufficiently secure to carry us into the next decade (TCP/IP as we know it is IP version 4). Right now there are developers working on IPv6 (IPv5 was skipped for technical reasons) -- but it doesn't look like there will be any *real* deployment of that until next year -- at the earliest.
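
Added example, not part of the original post: the state-monitoring heuristic the reply describes, tracking half-open sessions per source and per destination so that SYNs from ever-changing forged sources are still counted. The thresholds, timeout, class name and packet records are assumptions constructed for illustration.

```python
TIMEOUT = 75.0        # assumed: seconds a half-open entry is kept
PER_SOURCE_LIMIT = 8  # assumed: half-open sessions allowed per source
TOTAL_LIMIT = 20      # assumed: half-open sessions allowed per destination

class HalfOpenMonitor:
    """Tracks client SYNs that have not been completed by an ACK or reset."""

    def __init__(self):
        self.pending = {}  # (src, sport, dst, dport) -> time the SYN was seen

    def observe(self, ts, src, sport, dst, dport, flags):
        """Feed one client-to-server packet summary; return alerts raised."""
        # Drop entries that have outlived the timeout.
        self.pending = {k: t for k, t in self.pending.items() if ts - t < TIMEOUT}
        key = (src, sport, dst, dport)
        if flags != "S":
            if flags in ("A", "R"):      # handshake finished or abandoned
                self.pending.pop(key, None)
            return []
        self.pending[key] = ts
        to_dst = [k for k in self.pending if k[2] == dst]
        from_src = sum(1 for k in to_dst if k[0] == src)
        alerts = []
        if from_src > PER_SOURCE_LIMIT:
            alerts.append(("source", src, dst))
        if len(to_dst) > TOTAL_LIMIT:    # catches forged, ever-changing sources
            alerts.append(("total", dst))
        return alerts

def demo():
    """Run constructed traffic through the monitor; return the distinct alerts."""
    server = "192.0.2.1"
    events = []
    for i in range(3):   # ordinary client: SYN then ACK
        events.append((0.0 + i, "192.0.2.10", 40000 + i, server, 25, "S"))
        events.append((0.1 + i, "192.0.2.10", 40000 + i, server, 25, "A"))
    for i in range(12):  # one source, many SYNs, no ACK
        events.append((3.0 + i * 0.1, "198.51.100.7", 1024 + i, server, 25, "S"))
    for i in range(10):  # a different (forged) source for each SYN
        events.append((5.0 + i * 0.1, f"203.0.113.{i + 1}", 2000, server, 25, "S"))
    monitor, seen = HalfOpenMonitor(), set()
    for ev in events:
        seen.update(monitor.observe(*ev))
    return seen

if __name__ == "__main__":
    for alert in sorted(demo()):
        print(alert)
```

The per-source count only helps when the sender's address is stable; the per-destination total is what still fires when every SYN carries a different source.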