Security Incidents mailing list archives

Re: DoS/DDoS on port 1863(MSN protocol)


From: Tillman Hodgson <tillman () seekingfire com>
Date: Mon, 27 Sep 2004 17:00:22 -0600

On Mon, Sep 27, 2004 at 11:08:44AM -0700, Kevin Reardon wrote:
> There is also no application information in a TCP SYN packet.  60
> bytes, that's all you got.

Data certainly can appear in SYN packets.

RFC 793 section 3.4 allows data in SYN packets, saying ``this is
perfectly legitimate, so long as the receiving TCP doesn't deliver the
data to the user until it is clear the data is valid (i.e., the data
must be buffered at the receiver until the connection reaches the
ESTABLISHED state)''. In fact, it appears to be the only time that data
is permitted in the packet without the ACK bit also being set. This can
conceivably be used for benign purposes as it can reduce the latency of
short-lived TCP connections.

-T


-- 
There is no such thing as a law of nature.  There is only a series of laws 
relating to man's practical experience with nature.  These are laws of man's 
activities.  They change as man's activities change.
        - Pardot Kynes, An Arrakis Primer
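
The point made in the message above, as an added example that is not part of the original post: a check a sensor can run on raw IPv4 packets to separate an ordinary 60-byte SYN (headers and options only) from a SYN that carries data without ACK set. The function names, addresses, source port and sample packets are constructed for illustration; checksums are left at zero and not verified.

```python
import struct

SYN, ACK = 0x02, 0x10

def syn_payload(packet: bytes):
    """Return the data carried by a pure SYN (SYN set, ACK clear) as bytes,
    possibly empty. Return None for anything else or for malformed input."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                                   # not IPv4
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6 or ihl < 20 or total_len > len(packet):
        return None                                   # not TCP, or truncated capture
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                                   # later fragment: no TCP header here
    tcp = packet[ihl:total_len]                       # trims link-layer padding
    if len(tcp) < 20:
        return None
    data_off = (tcp[12] >> 4) * 4                     # TCP header length incl. options
    if data_off < 20 or data_off > len(tcp):
        return None
    flags = tcp[13]
    if flags & SYN and not flags & ACK:
        return tcp[data_off:]                         # whatever follows the options
    return None

def build(flags, payload=b"", options=b""):
    """Constructed sample packet (options must be a multiple of 4 bytes)."""
    hdr_words = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 1863, 1, 0,
                      hdr_words << 4, flags, 65535, 0, 0) + options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip + tcp

# 20 bytes of common SYN options: MSS, SACK-permitted, timestamp, NOP, window scale
OPTS = (b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + bytes(8)
        + b"\x01" + b"\x03\x03\x07")

PLAIN_SYN = build(SYN, options=OPTS)                  # 20 IP + 40 TCP = 60 bytes
SYN_WITH_DATA = build(SYN, b"constructed-data", OPTS)
SYN_ACK = build(SYN | ACK, b"x")

if __name__ == "__main__":
    for name, pkt in [("plain SYN", PLAIN_SYN), ("SYN with data", SYN_WITH_DATA),
                      ("SYN/ACK", SYN_ACK)]:
        print(f"{name}: {len(pkt)} bytes on the wire, payload={syn_payload(pkt)!r}")
```

A non-empty return value is the case to log or alert on; an empty one is a normal connection attempt.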

