Re: New tcp stack attack

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Duncan Patton a Campbell <campbell@...>

To: Fernando Gont <fernando@...>

Cc: <misc@...>

Date: Wednesday, October 1, 2008 - 11:41 am

On Wed, 01 Oct 2008 12:24:16 -0300

Fernando Gont  wrote:
> At 11:13 a.m. 01/10/2008, Duncan Patton a Campbell wrote:

quoted text>

> >"

> >Sockstress computes and stores so-called client-side SYN cookies and

> >enables Lee and Louis to specify a destination port and IP address.

> >The method allows them to complete the TCP handshake without having

> >to store any values, which takes time and resources. "We can then

> >say that we want to establish X number of TCP connections on that

> >address and that we want to use this attack type, and it does it," Lee said.

> >"

>

> This is simply the naphta attack. They don't really need to "use syn

> cookies". They could simply ACK any SYN/ACK they receive, and that's it.

> 
The impression I got is that they collect enough SYN cookies from

the server to crack the server's secret (24bit) and THEN they can

forge any number of acks to the server's syn cookie that contain

bogus ip/ports but with the correct sequence/hash.  If this is not

the case then it is nothing new.  
Dhu
> The attack is not new, and they are not proposing any counter-measures.

quoted text>

> It doesn't mean does this does not need attention... but they are not

> making any new contribution to the issue.

>

> Kind regards,

>

> --

> Fernando Gont

> e-mail: fernando@gont.com.ar || fgont@acm.org

> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

New tcp stack attack, Leon Dippenaar, (Wed Oct 1, 8:52 am)

Re: New tcp stack attack, Jussi Peltola, (Wed Oct 1, 11:56 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:13 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 11:24 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 11:41 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 12:26 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 12:56 pm)

Re: New tcp stack attack, Sunnz, (Fri Oct 3, 12:18 pm)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 1:31 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 2:11 pm)

Re: New tcp stack attack, Brian Keefer, (Wed Oct 1, 10:37 pm)

Re: New tcp stack attack, Stephan A. Rickauer, (Wed Oct 1, 9:31 am)

Re: New tcp stack attack, Claudio Jeker, (Wed Oct 1, 9:58 am)

Re: New tcp stack attack, Paul de Weerd, (Wed Oct 1, 10:46 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:22 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 1, 10:47 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 8, 7:12 am)

Re: New tcp stack attack, Alexander Sabourenkov, (Wed Oct 1, 10:44 am)


linux-kernel:
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Andrew Morton	Re: -mm merge plans for 2.6.23 -- sys_fallocate
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Roland Dreier	wait_for_completion_timeout() spurious failure under heavy load?
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	[GIT]: Networking
Rémi	[PATCH 00/14] [RFC] Phonet protocol stack
Jan Engelhardt	Re: iptables very slow after commit 784544739a25c30637397ace5489eeb6e15d7d49
openbsd-misc: