Bugtraq mailing list archives
Re: the next generation of nuke.c
From: smb () research att com (smb () research att com)
Date: Thu, 26 Jan 95 15:30:13 EST
> More of a denial of service attack, but with the current discussion on bugtraq/firewalls regarding sequence number guessing, I thought I'd put forward a method on killing an established TCP connection, besides the (mis)usage of ICMP unreachable messages. It would also appear, that although this attack is more difficult to launch, it would also be more difficult to prevent.
>
> Since it's possible to guess sequence numbers of the packets in a TCP connection, it seems it would be possible to then send a fake FIN message to our target, followed directly by an ACK to acknowledge the closing of the connection. If you wanted to kill a connection, all you would have to do is flood one of the ends with FIN/ACK packets until you get the sequence numbers correct.
>
> - Oliver

Well, RST is more definitive than FIN, somehow...

That said, the attack you cite is harder to carry out than you think. It's easy to guess the next starting sequence number for a connection; it's much harder to know what the sequence number status is of an existing connection unless you're sniffing the wire. You'd also have to know what the client's port number was; again, without sniffing the wire, that's hard to come by, unless one of the two sites has an overly-cooperative SNMP server.