Vulnerability Development mailing list archives
Re: Naptha - New DoS
From: Damian Menscher <menscher () uiuc edu>
Date: Fri, 8 Dec 2000 23:18:53 -0600
On Fri, 8 Dec 2000, rpc wrote:
> On Fri, 8 Dec 2000 02:44:23 -0500, White Vampire said:
>> On Thu, Dec 07, 2000 at 06:49:12PM +0100, Carl-Johan Bostorp (ctor () krixor xy org) wrote:
>>> Hmm.. Maybe I didn't read it close enough, but isn't what it does that it
>>> just opens a bunch of TCP connections w/o keeping a local state?? ... The
>>> only new thing I see is that it's been implemented and publicized.. But it
>>> doesn't really matter..
>>
>> It involves some 'spoofing' too, so to speak. So the originating host does not complete the handshake, thus not being affected.
>
> On reading the Razor advisory, it seems the attack involves spoofing as well as sniffing. There is a daemon running on a machine on the same LAN as the victim, which listens for the spoofed SYN packets, and the SYN/ACK reply from the victim. The sniffing daemon then forges the last ACK of the handshake, from the spoof to the victim. Thus the victim thinks the TCP connection is ESTABLISHED and legitimate. Repeat.

Not exactly. True, both spoofing and sniffing are involved. But the machine does NOT need to be on the same LAN as the victim, and it does not have to listen for spoofed SYN packets. It can be on any network (the network the spoofed IP would be on IF it existed).

Now for a question: the effectiveness of the attack comes from the fact that the attacker doesn't need to store the state. Why not just allow the second machine to actually exist, but not store the state? Saves effort from sniffing, though it does make it easier to find and shut down.....

Damian Menscher
--
--==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## <menscher () uiuc edu> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--