Re: New tcp stack attack

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Duncan Patton a Campbell <campbell@...>

To: Fernando Gont <fernando@...>

Cc: <misc@...>

Date: Wednesday, October 1, 2008 - 11:41 am

On Wed, 01 Oct 2008 12:24:16 -0300

Fernando Gont  wrote:
> At 11:13 a.m. 01/10/2008, Duncan Patton a Campbell wrote:

quoted text>

> >"

> >Sockstress computes and stores so-called client-side SYN cookies and

> >enables Lee and Louis to specify a destination port and IP address.

> >The method allows them to complete the TCP handshake without having

> >to store any values, which takes time and resources. "We can then

> >say that we want to establish X number of TCP connections on that

> >address and that we want to use this attack type, and it does it," Lee said.

> >"

>

> This is simply the naphta attack. They don't really need to "use syn

> cookies". They could simply ACK any SYN/ACK they receive, and that's it.

> 
The impression I got is that they collect enough SYN cookies from

the server to crack the server's secret (24bit) and THEN they can

forge any number of acks to the server's syn cookie that contain

bogus ip/ports but with the correct sequence/hash.  If this is not

the case then it is nothing new.  
Dhu
> The attack is not new, and they are not proposing any counter-measures.

quoted text>

> It doesn't mean does this does not need attention... but they are not

> making any new contribution to the issue.

>

> Kind regards,

>

> --

> Fernando Gont

> e-mail: fernando@gont.com.ar || fgont@acm.org

> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

New tcp stack attack, Leon Dippenaar, (Wed Oct 1, 8:52 am)

Re: New tcp stack attack, Jussi Peltola, (Wed Oct 1, 11:56 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:13 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 11:24 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 11:41 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 12:26 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 12:56 pm)

Re: New tcp stack attack, Sunnz, (Fri Oct 3, 12:18 pm)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 1:31 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 2:11 pm)

Re: New tcp stack attack, Brian Keefer, (Wed Oct 1, 10:37 pm)

Re: New tcp stack attack, Stephan A. Rickauer, (Wed Oct 1, 9:31 am)

Re: New tcp stack attack, Claudio Jeker, (Wed Oct 1, 9:58 am)

Re: New tcp stack attack, Paul de Weerd, (Wed Oct 1, 10:46 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:22 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 1, 10:47 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 8, 7:12 am)

Re: New tcp stack attack, Alexander Sabourenkov, (Wed Oct 1, 10:44 am)


linux-kernel:
Greg Kroah-Hartman	[PATCH 005/196] Chinese: add translation of SubmittingDrivers
Christian Kujau	2.6.20.4: NETDEV WATCHDOG and lockups
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Jack Steiner	Re: [patch] my mmu notifiers
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Arjan van de Ven	Re: [GIT]: Networking
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Jens Axboe	Re: [BUG] New Kernel Bugs
netbsd-tech-kern:
YAMAMOTO Takashi	removing VOPs
Lennart Augustsson	Re: FreeBSD 5/6/7 kernel emulator for NetBSD 2.x
Daniel Carosone	Re: direct I/O
Brian Buhrow	Re: /sbin/reboot and secmodel

Re: New tcp stack attack

Online users