Bugtraq mailing list archives
Re: explanation and code for stream.c issues
From: vlad () SANDY RU (Vladimir Dubrovin)
Date: Sat, 22 Jan 2000 14:14:29 +0300
Hello Don Lewis,

22.01.00 13:58, you wrote: explanation and code for stream.c issues;

D> } Intruder sends SYN packet and then sends, let's say 1000 ACK packets to
D> } the same port from same port and source address. SYN packet will open
D> } ipfilter to pass all other packets. This attack doesn't need
D> } randomization for each packet.

D> Instead of producing RST responses, this will produce ACKs. Your earlier
D> comment about this prompted my comment in another thread about the
D> possible need to rate limit ACK packets.

This will not produce ACK packets if the ACK sent by the intruder doesn't
conform to the sequence number in the SYN/ACK response of the victim.
Original stream.c used

    packet.tcp.th_ack = 0;

I changed it to

    packet.tcp.th_ack = random();

for ACK packets. But it's not essential - the victim will reply RST for this
packet in most cases.

+=-=-=-=-=-=-=-=-=+
|Vladimir Dubrovin|
| Sandy Info, ISP |
+=-=-=-=-=-=-=-=-=+
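The receiver-side behaviour debated in this exchange, as an added example that is not part of the original message or of stream.c: a C model of the RFC 793 "segment arrives" checks for a data-less ACK reaching a connection in SYN-RECEIVED, followed by a fixed-window limit on the ACK/RST replies of the kind the quoted text proposes. All struct, enum and function names and the sample numbers are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Added illustration: all names and values here are hypothetical. */
enum reply { REPLY_NONE, REPLY_ACCEPT, REPLY_ACK, REPLY_RST };
struct tcb {                     /* minimal state of a SYN-RECEIVED connection */
    uint32_t rcv_nxt, rcv_wnd;   /* next expected peer sequence, window  */
    uint32_t snd_una, snd_nxt;   /* our ISS and ISS+1 after the SYN/ACK  */
};
struct limiter { uint32_t per_sec, used; uint64_t sec; };

/* Wrap-safe sequence comparisons (a < b, a <= b modulo 2^32). */
static int seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }
static int seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

/* RFC 793 "segment arrives" order for a data-less ACK in SYN-RECEIVED. */
enum reply synrcvd_reply(const struct tcb *t, uint32_t seg_seq, uint32_t seg_ack)
{
    /* First check: sequence number. Out of window => answer with an ACK. */
    int in_win = t->rcv_wnd == 0
        ? seg_seq == t->rcv_nxt
        : seq_leq(t->rcv_nxt, seg_seq) && seq_lt(seg_seq, t->rcv_nxt + t->rcv_wnd);
    if (!in_win) return REPLY_ACK;
    /* Later check: ACK field. SND.UNA =< SEG.ACK =< SND.NXT, else RST. */
    if (seq_leq(t->snd_una, seg_ack) && seq_leq(seg_ack, t->snd_nxt))
        return REPLY_ACCEPT;
    return REPLY_RST;
}

/* Fixed-window budget: at most per_sec ACK/RST replies per second. */
enum reply limited_reply(const struct tcb *t, struct limiter *l,
                         uint32_t seg_seq, uint32_t seg_ack, uint64_t now)
{
    enum reply r = synrcvd_reply(t, seg_seq, seg_ack);
    if (r == REPLY_ACCEPT) return r;
    if (now != l->sec) { l->sec = now; l->used = 0; }
    if (l->used >= l->per_sec)
        return REPLY_NONE;       /* over budget: drop silently */
    l->used++;
    return r;
}

int main(void)
{
    struct tcb t = { 1001, 8192, 5000, 5001 };   /* constructed values */
    printf("in-window seq, th_ack=0: %d\n", synrcvd_reply(&t, 1001, 0));
    printf("out-of-window seq:       %d\n", synrcvd_reply(&t, 1000, 0));
    return 0;
}
```

In this model a segment with an in-window sequence number and a non-matching th_ack yields RST, while one whose sequence number falls outside the window yields ACK before the ACK field is examined.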