Vulnerability Development mailing list archives

Re: Naptha - New DoS


From: Filipe Almeida <filipe () IST UTL PT>
Date: Fri, 15 Dec 2000 12:08:04 +0000

On Fri, Dec 08, 2000 at 11:18:53PM -0600, Damian Menscher wrote:
> Now for a question: the effectiveness of the attack comes from the fact
> that the attacker doesn't need to store the state.  Why not just allow
> the second machine to actually exist, but not store the state?  Saves
> effort from sniffing, though it does make it easier to find and shut
> down.....

When the SYN/ACK comes back from the victim machine, your TCP/IP stack
will respond with an RST.

You will have to make an extra effort to prevent RST and FIN packets
from leaving the attacker machine in response to the fake connections you just
opened, unless you filter outgoing RST and FIN packets; but then you won't
be able to terminate your own legitimate connections.

Another option is to reserve a port range where you filter all outgoing
RST and FIN packets, and use it as the source port range of your attack.

--
Filipe Almeida
aka
LiquidK

