Re: New tcp stack attack

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Fernando Gont <fernando@...>

To: Peter J. Philipp <pjp@...>

Cc: <misc@...>

Subject: Re: New tcp stack attack

Date: Wednesday, October 1, 2008 - 1:31 pm

At 01:56 p.m. 01/10/2008, Peter J. Philipp wrote:

>I listened to the podcast and got the idea that the socket is in

quoted text

>ESTABLISHED state (so after 3 way handshake) and they
>mention that a packets PCB resources have timers, and that is what
>they exploit.

That was just an example of the type of resources that could be exhausted.

>Perhaps you establish the session and

quoted text

>send an HTTP request (pretend it's http) and never ACK the answer
>that gets repeated based on the internal timers. It seemed to me
>they say that some stop repeating their content and just die.

That would be Shalunov's netkill attack, which aims at exhausting
memory by tying it to both PCBs and socket send buffers.

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

New tcp stack attack, Leon Dippenaar, (Wed Oct 1, 8:52 am)

Re: New tcp stack attack, Jussi Peltola, (Wed Oct 1, 11:56 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:13 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 11:24 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 11:41 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 12:26 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 12:56 pm)

Re: New tcp stack attack, Sunnz, (Fri Oct 3, 12:18 pm)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 1:31 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 2:11 pm)

Re: New tcp stack attack, Brian Keefer, (Wed Oct 1, 10:37 pm)

Re: New tcp stack attack, Stephan A. Rickauer, (Wed Oct 1, 9:31 am)

Re: New tcp stack attack, Claudio Jeker, (Wed Oct 1, 9:58 am)

Re: New tcp stack attack, Paul de Weerd, (Wed Oct 1, 10:46 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:22 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 1, 10:47 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 8, 7:12 am)

Re: New tcp stack attack, Alexander Sabourenkov, (Wed Oct 1, 10:44 am)


linux-kernel:
Greg Kroah-Hartman	[PATCH 005/196] Chinese: add translation of SubmittingDrivers
Christian Kujau	2.6.20.4: NETDEV WATCHDOG and lockups
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Jack Steiner	Re: [patch] my mmu notifiers
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Arjan van de Ven	Re: [GIT]: Networking
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Jens Axboe	Re: [BUG] New Kernel Bugs
netbsd-tech-kern:
YAMAMOTO Takashi	removing VOPs
Lennart Augustsson	Re: FreeBSD 5/6/7 kernel emulator for NetBSD 2.x
Daniel Carosone	Re: direct I/O
Brian Buhrow	Re: /sbin/reboot and secmodel

Re: New tcp stack attack

Online users