Re: New tcp stack attack

To: Claudio Jeker <cjeker@...>, misc <misc@...>
Date: Wednesday, October 1, 2008 - 10:46 am

On Wed, Oct 01, 2008 at 03:58:22PM +0200, Claudio Jeker wrote:
| On Wed, Oct 01, 2008 at 03:31:00PM +0200, Stephan A. Rickauer wrote:
| > On Wed, 2008-10-01 at 14:52 +0200, Leon Dippenaar wrote:
| > > Hi there,
| > >
| > > is there any weight to this new story on slashdot
| > > http://it.slashdot.org/it/08/10/01/0127245.shtml
| > >
| > > about a new attacker possible to break any tcp stack? Sounds rather
| > > shady, so here I am, perhaps you guys have your ears closer to the ground
| >
| > A little bit less vague info can be found here
| >
| > http://tinyurl.com/3hv3kf
| >
|
| This article is mostly about exploiting SYN cookies to bring servers into
| resource starvation. OpenBSD does not implement SYN cookies. We have a SYN
| cache with an upper limit of open handshakes. Together with random initial
| sequence numbers it is hard to finish the 3-way handshake without getting
| the SYN/ACK from the server on OpenBSD systems.

So far, I've heard about issues with TCP *after* a session has been
established (ie, after the 3-way handshake). Somehow exploiting TCP
state timers to affect badness (DoS), maybe.

I agree with Claudio that very little is public so far (I don't eat
cereals, but I believe the same is true for my jar of peanutbutter).

For now, it's all *extremely* vague.

Cheers,

Paul 'WEiRD' de Weerd

--

+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
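
A simplified model of the bounded SYN cache with random initial sequence numbers that Claudio describes in the quoted text, added here as an illustration; it is not code from the thread or from OpenBSD. The class name, the evict-oldest policy, the limit of 128 and the sample addresses are assumptions.

```python
import secrets
from collections import OrderedDict


class SynCache:
    """Toy bounded SYN cache (hypothetical model, not OpenBSD's implementation)."""

    def __init__(self, limit):
        self.limit = limit
        self.pending = OrderedDict()  # (src_ip, src_port) -> server ISN
        self.dropped = 0

    def on_syn(self, peer):
        """Record a half-open handshake; return the ISN carried in the SYN/ACK."""
        if peer not in self.pending and len(self.pending) >= self.limit:
            self.pending.popitem(last=False)  # assumption: evict the oldest entry
            self.dropped += 1
        isn = secrets.randbits(32)  # unpredictable 32-bit initial sequence number
        self.pending[peer] = isn
        self.pending.move_to_end(peer)
        return isn

    def on_ack(self, peer, ack):
        """Finish the handshake only if the ACK acknowledges our ISN + 1."""
        isn = self.pending.get(peer)
        if isn is None or ack != (isn + 1) % 2**32:
            return False
        del self.pending[peer]
        return True


def demo():
    cache = SynCache(limit=128)
    # Constructed input: 10,000 SYNs from distinct peers that never answer.
    for i in range(10_000):
        cache.on_syn((f"198.51.100.{i % 250}", 1024 + i))
    held = len(cache.pending)  # half-open state stays capped at the limit
    client = ("192.0.2.10", 40000)
    isn = cache.on_syn(client)  # only a peer that receives the SYN/ACK learns this
    blind_ok = cache.on_ack(client, (isn + 2) % 2**32)  # ACK sent without the ISN
    legit_ok = cache.on_ack(client, (isn + 1) % 2**32)  # ACK from the real client
    return held, cache.dropped, blind_ok, legit_ok


if __name__ == "__main__":
    print(demo())
```
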
