Vulnerability Development mailing list archives
Re: Naptha - New DoS
From: rpc <h () ckz org>
Date: Fri, 8 Dec 2000 09:14:50 GMT
On Fri, 8 Dec 2000 02:44:23 -0500, White Vampire said:
On Thu, Dec 07, 2000 at 06:49:12PM +0100, Carl-Johan Bostorp(ctor () krixor xy org) wrote: > Hmm.. Maybe I didn't read it close enough, but isn't what it does that it > just opens a bunch of TCP connections w/o keeping a local state?? ... The > only new thing I see is that it's been implemented and publicized.. But it > doesn't really matter.. It involves some 'spoofing' too, so to speak. So the originating host does not complete the handshake, thus not being affected.
On reading the Razor advisory, it seems the attack involves spoofing as well as sniffing. There is a daemon running on a machine on the same LAN as the victem, which listens for the spoofed SYN packets, and the SYN/ACK reply from the victem. The sniffing daemon then forges the last ACK of the handshake, from the spoof to the victem. Thus the victem thinks the TCP connection is ESTABLISHED and legitmate. Repeat.
Regardless, I am not really sure what the problem is. So what if it is an old concept. So what if it has been discussed to death. Is this not worth fixing? This is /not/ a good thing. > I never mentioned inetd. Use xinetd as wrapper for other daemons like ssh > and you no longer have to worry about ssh being attacked. Ah, my error. Regards, -- __ ______ ____ / \ / \ \ / / White Vampire\Rem \ \/\/ /\ Y / http://www.gammagear.com/ (Gear for the BOFH!) \ / \ / http://www.webfringe.com/ \__/\ / \___/ http://www.gammaforce.org/ \/ "Silly hacker, root is for administrators."
Current thread:
- Naptha - New DoS White Vampire (Dec 08)
- Re: Naptha - New DoS Carl-Johan Bostorp (Dec 08)
- Re: Naptha - New DoS White Vampire (Dec 09)
- Message not available
- Re: Naptha - New DoS White Vampire (Dec 09)
- Re: Naptha - New DoS rpc (Dec 09)
- Re: Naptha - New DoS Sebastian (Dec 10)
- Re: Naptha - New DoS Damian Menscher (Dec 10)
- Re: Naptha - New DoS Filipe Almeida (Dec 16)
- Re: Naptha - New DoS Bruno Morisson (Dec 17)
- Re: Naptha - New DoS White Vampire (Dec 09)
- Re: Naptha - New DoS Carl-Johan Bostorp (Dec 08)
- Re: Naptha - New DoS Lincoln Yeoh (Dec 09)
- Re: Naptha - New DoS Michael H. Warfield (Dec 09)
- Re: Naptha - New DoS Jose Nazario (Dec 09)
- Re: Naptha - New DoS Ron DuFresne (Dec 09)
- Message not available
- Re: Naptha - New DoS Lincoln Yeoh (Dec 09)