nanog mailing list archives
Re: TCP RST attack (the cause of all that MD5-o-rama)
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Tue, 20 Apr 2004 23:16:37 +0200
On 20-apr-04, at 21:40, Patrick W.Gilmore wrote:
What is a typical receive window on a router? I have been told (have not confirmed) it was about 14 bits.
Cisco routers have a command that will show you this number. It's generally just under 16k. Unfortunately, some looking glasses allow anyone to execute this command...
(Someone check my math. :)
I think your math computes. I was worried for a moment that TCP might be tricked into emitting a packet when you hit the right port combo but the wrong sequence number. It does, and even helps out by sending back the right sequence number. But of course this packet goes to the real correspondent so this shouldn't help the attacker.
Current thread:
- Re: TCP RST attack (the cause of all that MD5-o-rama), (continued)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Simon Lockhart (Apr 21)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Dan Hollis (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Paul Vixie (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Patrick W . Gilmore (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Valdis . Kletnieks (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Patrick W . Gilmore (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) E.B. Dreger (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Peter Galbavy (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) E.B. Dreger (Apr 21)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Crist Clark (Apr 21)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Valdis . Kletnieks (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Patrick W . Gilmore (Apr 21)