nanog mailing list archives
Re: tcp,guardent,bellovin
From: Valdis.Kletnieks () vt edu
Date: Mon, 12 Mar 2001 18:49:39 -0500
On Mon, 12 Mar 2001 18:09:32 EST, "Richard A. Steenbergen" said:
And since the "victim" will have the current sequence number for inbound data, what would keep it from (correctly) sending an RST and tearing down this false connection?
And THAT my friends, was the *original* purpose for a TCP SYN flood - it wasn't to DOS the victim, it was to DOS a machine *trusted by* the victim so you could forge a connection and NOT get nailed by an RST. I'm sure that Steve Bellovin can point us at the original discussion of this, which was *ages* ago. I remember hearing that Kevin Mitnick used that (in addition to other tricks) against Shimomura's machines and thinking "Hmm.. so it's *not* just a theoretical attack anymore..." -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Current thread:
- tcp,guardent,bellovin Chris Beggy (Mar 12)
- <Possible follow-ups>
- Re: tcp,guardent,bellovin Steven M. Bellovin (Mar 12)
- Re: tcp,guardent,bellovin Rafi Sadowsky (Mar 12)
- Re: tcp,guardent,bellovin bert hubert (Mar 12)
- Re: tcp,guardent,bellovin Scott Francis (Mar 12)
- Re: tcp,guardent,bellovin Steven M. Bellovin (Mar 12)
- Re: tcp,guardent,bellovin Rafi Sadowsky (Mar 12)
- Re: tcp,guardent,bellovin Jim Duncan (Mar 12)
- Re: tcp,guardent,bellovin Rafi Sadowsky (Mar 12)
- Re: tcp,guardent,bellovin Richard A. Steenbergen (Mar 12)
- Re: tcp,guardent,bellovin bert hubert (Mar 12)
- Re: tcp,guardent,bellovin Valdis . Kletnieks (Mar 12)
- Re: tcp,guardent,bellovin Steven M. Bellovin (Mar 12)