Re: New tcp stack attack

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Fernando Gont <fernando@...>

To: Duncan Patton a Campbell <campbell@...>, Leon Dippenaar <leon.dippenaar@...>

Cc: <misc@...>

Subject: Re: New tcp stack attack

Date: Wednesday, October 1, 2008 - 11:24 am

At 11:13 a.m. 01/10/2008, Duncan Patton a Campbell wrote:

quoted text

>Sockstress computes and stores so-called client-side SYN cookies and
>enables Lee and Louis to specify a destination port and IP address.
>The method allows them to complete the TCP handshake without having
>to store any values, which takes time and resources. "We can then
>say that we want to establish X number of TCP connections on that
>address and that we want to use this attack type, and it does it," Lee said.
>"

This is simply the naphta attack. They don't really need to "use syn
cookies". They could simply ACK any SYN/ACK they receive, and that's it.

The attack is not new, and they are not proposing any counter-measures.

It doesn't mean does this does not need attention... but they are not
making any new contribution to the issue.

Kind regards,

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

New tcp stack attack, Leon Dippenaar, (Wed Oct 1, 8:52 am)

Re: New tcp stack attack, Jussi Peltola, (Wed Oct 1, 11:56 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:13 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 11:24 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 11:41 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 12:26 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 12:56 pm)

Re: New tcp stack attack, Sunnz, (Fri Oct 3, 12:18 pm)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 1:31 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 2:11 pm)

Re: New tcp stack attack, Brian Keefer, (Wed Oct 1, 10:37 pm)

Re: New tcp stack attack, Stephan A. Rickauer, (Wed Oct 1, 9:31 am)

Re: New tcp stack attack, Claudio Jeker, (Wed Oct 1, 9:58 am)

Re: New tcp stack attack, Paul de Weerd, (Wed Oct 1, 10:46 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:22 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 1, 10:47 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 8, 7:12 am)

Re: New tcp stack attack, Alexander Sabourenkov, (Wed Oct 1, 10:44 am)


linux-kernel:
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Justin Piszcz	exception Emask 0x0 SAct 0x1 / SErr 0x0 action 0x2 frozen
Heiko Carstens	Re: -mm merge plans for 2.6.23 -- sys_fallocate
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	[GIT]: Networking
Frans Pop	svc: failed to register lockdv1 RPC service (errno 97).
Radu Rendec	htb parallelism on multi-core platforms
openbsd-misc:

Re: New tcp stack attack

Online users