Re: New tcp stack attack

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Fernando Gont <fernando@...>

To: Duncan Patton a Campbell <campbell@...>

Cc: <misc@...>

Subject: Re: New tcp stack attack

Date: Wednesday, October 1, 2008 - 12:26 pm

At 12:41 p.m. 01/10/2008, Duncan Patton a Campbell wrote:

> > This is simply the naphta attack. They don't really need to "use syn

quoted text

> > cookies". They could simply ACK any SYN/ACK they receive, and that's it.
> >
>
>The impression I got is that they collect enough SYN cookies from
>the server to crack the server's secret (24bit) and THEN they can
>forge any number of acks to the server's syn cookie that contain
>bogus ip/ports but with the correct sequence/hash. If this is not
>the case then it is nothing new.

According to a podcast I listened to, this is not what they try to
do. And even then, brute force attacks against SYN cookies have
already been discussed in the past. (although I agree that it usually
requires hard googling to spot the right documentation)

Kind regards,

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

New tcp stack attack, Leon Dippenaar, (Wed Oct 1, 8:52 am)

Re: New tcp stack attack, Jussi Peltola, (Wed Oct 1, 11:56 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:13 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 11:24 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 11:41 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 12:26 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 12:56 pm)

Re: New tcp stack attack, Sunnz, (Fri Oct 3, 12:18 pm)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 1:31 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 2:11 pm)

Re: New tcp stack attack, Brian Keefer, (Wed Oct 1, 10:37 pm)

Re: New tcp stack attack, Stephan A. Rickauer, (Wed Oct 1, 9:31 am)

Re: New tcp stack attack, Claudio Jeker, (Wed Oct 1, 9:58 am)

Re: New tcp stack attack, Paul de Weerd, (Wed Oct 1, 10:46 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:22 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 1, 10:47 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 8, 7:12 am)

Re: New tcp stack attack, Alexander Sabourenkov, (Wed Oct 1, 10:44 am)

Navigation

Popular discussions


linux-kernel:
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 006/196] Chinese: add translation of oops-tracing.txt
Eric Sandeen	Re: [RFC] Heads up on sys_fallocate()
YOSHIFUJI Hideaki /	request_module: runaway loop modprobe net-pf-1 (is Re: Linux 2.6.21-rc1)
git:

linux-netdev:
Gerrit Renker	[PATCH 0/37] dccp: Feature negotiation - last call for comments
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Ben Greear	Re: MACVLANs really best solution? How about a bridge with multiple bridge virtual...
Rafael J. Wysocki	2.6.29-rc8: Reported regressions from 2.6.28
openbsd-misc:

Colocation donated by:

Online users

Syndicate