Educause Security Discussion mailing list archives
Re: Fwd: [VulnWatch] TCP reset vulnerability
From: Gene Spafford <spaf () CERIAS PURDUE EDU>
Date: Tue, 20 Apr 2004 14:40:37 -0500
At 3:09 PM -0400 4/20/04, Steve Worona wrote:
I felt the same way, and then I read this part of the report:

Although denial of service using crafted TCP packets is a well known weakness of TCP, until recently it was believed that a successful denial of service attack was not achievable in practice. ... The discoverer of the practicability of the RST attack was Paul A. Watson, who describes his research in his paper "Slipping In The Window: TCP Reset Attacks", presented at the CanSecWest 2004 conference. He noticed that the probability of guessing an acceptable sequence number is much higher than 1/2**32 because the receiving TCP implementation will accept any sequence number in a certain range (or "window") of the expected sequence number. The window makes TCP reset attacks practicable.

So is this a relevant new discovery? Or old news?
Back in the days when sequence number prediction was simpler there were several demonstrations of reset attacks. I seem to recall (but don't have access to my books to check) that Simson Garfinkel and I wrote such a tool and tested it, then documented it in one of the earlier editions of our books. I know we had one here in-house, because the students were using it against each other until I made them stop. :-)

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
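The receiver-side window check that the quoted report describes, as an added example that is not part of this thread or of the cited report. It also shows the stricter exact-match rule from RFC 5961 (a later mitigation not mentioned on this page); the function names and sample values are constructed, and a non-zero receive window is assumed.

```python
# Added illustration: models only how a receiver judges the sequence number
# of an incoming RST. Names and sample values are constructed.
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def rst_action_rfc793(seq, rcv_nxt, rcv_wnd):
    """Original behaviour: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rst_action_rfc5961(seq, rcv_nxt, rcv_wnd):
    """Hardened behaviour (RFC 5961, section 3): reset only on an exact
    match; an in-window RST that is not exact triggers a challenge ACK."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if seq == rcv_nxt:
        return "reset"
    return "challenge_ack"


def accept_fraction(rcv_wnd, exact_only=False):
    """Share of the 32-bit sequence space for which a RST resets the
    connection: rcv_wnd / 2**32 with the window rule, 1 / 2**32 when only
    an exact match is accepted."""
    return (1 if exact_only else rcv_wnd) / MOD


if __name__ == "__main__":
    # Constructed state: expected sequence number close to the wrap point.
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 0x1000
    samples = (
        (0xFFFFFF00, "exact match"),
        (0x00000010, "in window, past the wrap"),
        (0xFFFFFEFF, "one below the window"),
    )
    for seq, label in samples:
        print(f"{label:26} rfc793={rst_action_rfc793(seq, rcv_nxt, rcv_wnd):6}"
              f" rfc5961={rst_action_rfc5961(seq, rcv_nxt, rcv_wnd)}")
    for wnd in (4096, 16384, 65535):
        print(f"window {wnd:5}: accepted share {accept_fraction(wnd):.2e}"
              f" vs exact-only {accept_fraction(wnd, exact_only=True):.2e}")
```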