nanog mailing list archives
Re: DoS, ICMP, proxies, SYNDefender
From: "Perry E. Metzger" <perry () piermont com>
Date: Thu, 03 Oct 1996 20:03:35 -0400
Tim Bass writes:
If you are an attacker and know your target host is about to set up a connection with a particular host address, then if you timed it exactly right you could nuke the connection during one state of the TCP connection, SYN_RCVD.
Yup. If you don't think this is a serious problem, well, I can think right away of how to use such a defect to cause serious harm to the infrastructure of the net. Indeed, I can think of two. We are trying to reduce the number of ways that forged packets can be used to cause harm, not open new ones.
So, if you can guess sequence numbers, ip addresses, and the exact state on the connection..... er..
What makes you think you can't? You CAN guess sequence numbers, and pretty consistantly. The paper by Bob Morris on how to do it is nearly a decade old. We have a simple and practical pair of ways of dealing with this: ingress filtering and host hardening. Lets stick with things that cause no additional harm, shall we? Perry - - - - - - - - - - - - - - - - -
Current thread:
- Re: New Denial of Service Attack on Panix, (continued)
- Re: New Denial of Service Attack on Panix Dima Volodin (Oct 02)
- Uh...excuse me...? Carl Payne (Oct 02)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix\ Avi Freedman (Oct 02)
- Re: New Denial of Service Attack on Panix\ Tim Bass (Oct 03)
- Re: New Denial of Service Attack on Panix\ Tim Bass (Oct 03)
- Re: New Denial of Service Attack on Panix\ Matt Zimmerman (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Perry E. Metzger (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Perry E. Metzger (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Dima Volodin (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Michael Dillon (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Dima Volodin (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Avi Freedman (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Michael Dillon (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Michael Dillon (Oct 04)