Bugtraq mailing list archives

Re: updated Bindview NAPTHA advisory


From: stanislav shalunov <shalunov () INTERNET2 EDU>
Date: Tue, 19 Dec 2000 16:54:35 -0500

My earlier messages to BUGTRAQ (by the way, you reference them with a
misslepping of my name) present an attack that involves exhaustion of
resources by creation of a large number of TCP streams and leaving them
in an interesting state.

http://www.deja.com/getdoc.xp?AN=614271756&fmt=text
http://www.deja.com/getdoc.xp?AN=615140242&fmt=text

The way you do it, as far as I could understand, it can be more easily
countered by increasing the amount of memory for networking and sizes of
various tables.

Essentially, your method only consumes a TCB, plus maybe some tiny
amount of space per connection, while it's possible to consume tens of
kilobytes of kernel memory per connection, and tie up tens of
megabytes of non-pageable kernel memory from a dialup connection.

Additionally, a tool was provided for experimenting.

--
Stanislav Shalunov <shalunov () internet2 edu>  Internet Engineer, Internet2

Beware of Programmers who carry screwdrivers.    -- Leonard Brandwein

