Re: New tcp stack attack

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: Fernando Gont <fernando@...>
Cc: <misc@...>
Date: Wednesday, October 1, 2008 - 11:41 am

On Wed, 01 Oct 2008 12:24:16 -0300
Fernando Gont wrote:

> At 11:13 a.m. 01/10/2008, Duncan Patton a Campbell wrote:

The impression I got is that they collect enough SYN cookies from
the server to crack the server's secret (24bit) and THEN they can
forge any number of acks to the server's syn cookie that contain
bogus ip/ports but with the correct sequence/hash. If this is not
the case then it is nothing new.

Dhu

> The attack is not new, and they are not proposing any counter-measures.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
New tcp stack attack, Leon Dippenaar, (Wed Oct 1, 8:52 am)
Re: New tcp stack attack, Jussi Peltola, (Wed Oct 1, 11:56 am)
Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:13 am)
Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 11:24 am)
Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 11:41 am)
Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 12:26 pm)
Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 12:56 pm)
Re: New tcp stack attack, Sunnz, (Fri Oct 3, 12:18 pm)
Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 1:31 pm)
Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 2:11 pm)
Re: New tcp stack attack, Brian Keefer, (Wed Oct 1, 10:37 pm)
Re: New tcp stack attack, Stephan A. Rickauer, (Wed Oct 1, 9:31 am)
Re: New tcp stack attack, Claudio Jeker, (Wed Oct 1, 9:58 am)
Re: New tcp stack attack, Paul de Weerd, (Wed Oct 1, 10:46 am)
Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:22 am)
Re: New tcp stack attack, Dries Schellekens, (Wed Oct 1, 10:47 am)
Re: New tcp stack attack, Dries Schellekens, (Wed Oct 8, 7:12 am)
Re: New tcp stack attack, Alexander Sabourenkov, (Wed Oct 1, 10:44 am)