Re: New tcp stack attack

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Fernando Gont <fernando@...>

To: Peter J. Philipp <pjp@...>

Cc: <misc@...>

Subject: Re: New tcp stack attack

Date: Wednesday, October 1, 2008 - 1:31 pm

At 01:56 p.m. 01/10/2008, Peter J. Philipp wrote:

>I listened to the podcast and got the idea that the socket is in

quoted text

>ESTABLISHED state (so after 3 way handshake) and they
>mention that a packets PCB resources have timers, and that is what
>they exploit.

That was just an example of the type of resources that could be exhausted.

>Perhaps you establish the session and

quoted text

>send an HTTP request (pretend it's http) and never ACK the answer
>that gets repeated based on the internal timers. It seemed to me
>they say that some stop repeating their content and just die.

That would be Shalunov's netkill attack, which aims at exhausting
memory by tying it to both PCBs and socket send buffers.

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

New tcp stack attack, Leon Dippenaar, (Wed Oct 1, 8:52 am)

Re: New tcp stack attack, Jussi Peltola, (Wed Oct 1, 11:56 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:13 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 11:24 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 11:41 am)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 12:26 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 12:56 pm)

Re: New tcp stack attack, Sunnz, (Fri Oct 3, 12:18 pm)

Re: New tcp stack attack, Fernando Gont, (Wed Oct 1, 1:31 pm)

Re: New tcp stack attack, Peter J. Philipp, (Wed Oct 1, 2:11 pm)

Re: New tcp stack attack, Brian Keefer, (Wed Oct 1, 10:37 pm)

Re: New tcp stack attack, Stephan A. Rickauer, (Wed Oct 1, 9:31 am)

Re: New tcp stack attack, Claudio Jeker, (Wed Oct 1, 9:58 am)

Re: New tcp stack attack, Paul de Weerd, (Wed Oct 1, 10:46 am)

Re: New tcp stack attack, Duncan Patton a Campbell, (Wed Oct 1, 10:22 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 1, 10:47 am)

Re: New tcp stack attack, Dries Schellekens, (Wed Oct 8, 7:12 am)

Re: New tcp stack attack, Alexander Sabourenkov, (Wed Oct 1, 10:44 am)


linux-kernel:
david	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Heiko Carstens	Re: -mm merge plans for 2.6.23 -- sys_fallocate
Andreas Schwab	Re: [PATCH] [POWERPC] Improve (in\|out)_beXX() asm code
Dave Hansen	Re: [RFC/PATCH] Documentation of kernel messages
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	[GIT]: Networking
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Jeff Garzik	Re: [bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
openbsd-misc:

Re: New tcp stack attack

Online users