Bugtraq mailing list archives
Re: updated Bindview NAPTHA advisory
From: stanislav shalunov <shalunov () INTERNET2 EDU>
Date: Tue, 19 Dec 2000 16:54:35 -0500
My earlier messages to BUGTRAQ (by the way, you reference them with a misslepping of my name) present an attack that involves exhaustion of resources by creation of large number of TCP streams and leaving them in an interesting state. http://www.deja.com/getdoc.xp?AN=614271756&fmt=text http://www.deja.com/getdoc.xp?AN=615140242&fmt=text The way you do it, as far as I could understand, it can be more easily countered by increasing amount of memory for networking and sizes of various tables. Essentially, your method only consumes a TCB, plus maybe some tiny amount of space per connection, while it's possible to consume tens of kilobytes of kernel memory per connection, and tie up tens of megabytes of non-pageable kernel memory from a dialup connection. Additionally, a tool was provided for experimenting. -- Stanislav Shalunov <shalunov () internet2 edu> Internet Engineer, Internet2 Beware of Programmers who carry screwdrivers. -- Leonard Brandwein
Current thread:
- updated Bindview NAPTHA advisory Bob Keyes (Dec 19)
- Re: updated Bindview NAPTHA advisory Alfred Perlstein (Dec 20)
- Re: updated Bindview NAPTHA advisory Bob Keyes (Dec 20)
- Re: updated Bindview NAPTHA advisory Michal Zalewski (Dec 20)
- Re: updated Bindview NAPTHA advisory stanislav shalunov (Dec 20)
- Re: updated Bindview NAPTHA advisory Alfred Perlstein (Dec 20)