Security Basics mailing list archives

RE: Yahoo Messenger Stale Sessions


From: <Leonard.Ong () nokia com>
Date: Mon, 18 Nov 2002 11:57:06 +0800

I haven't tried this on Linux.....
I guess nobody cares about having zombie sessions on their machine.... Have to come up with proof-of-concept attacks.


Regards,
Leonard Ong
Network Security Specialist, APAC
NOKIA

Email.  Leonard.Ong () nokia com
Mobile. +65 9431 6184
Phone.  +65 6723 1724
Fax.    +65 6723 1596



-----Original Message-----
From: ext phani () myrealbox com [mailto:phani () myrealbox com]
Sent: Saturday, November 16, 2002 7:21 PM
To: security-basics () securityfocus com
Subject: Re: Yahoo Messenger Stale Sessions


On Wed, Nov 13, 2002 at 01:50:49PM +0800, Leonard.Ong () nokia com wrote:
hi,
  As you mentioned, if the OS has to perform cleanup and if Windows (I am assuming you are working on Windows) does not do that, then is this a flaw with the TCP/IP stack implementation of Windows? How does it happen in Linux? Any idea..
thx
phani


Hi,

Yet, the OS should perform cleanup by implementing a TCP timeout (default 3600 seconds). There are many protocols that don't send a FIN packet, yet they manage to terminate the session.


Regards,
Leonard Ong
Network Security Specialist, APAC
NOKIA

Email.  Leonard.Ong () nokia com
Mobile. +65 9431 6184
Phone.  +65 6723 1724
Fax.    +65 6723 1596


Hmm, I'm not an expert in this, but I do realize if the 4-way handshake for
terminating a connection is not done properly, e.g. the user switched off
his dial-up modem abruptly, it would cause the "stale/zombie" sessions
described above. The dial-up machine will not have the opportunity to
send the FIN to your machine.

You probably need to know the sequence number, source port, destination port
as well as source IP and destination IP (which you should know).
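
An added example, not part of the original messages: a Python check that reads `ss -tno` output on Linux and separates established connections with a keepalive timer armed from idle ones that nothing will probe if the peer disappears without sending a FIN. The sample lines and addresses are constructed, and the function names are this example's own.

```python
import re

# Constructed sample shaped like `ss -tno` output on Linux (documentation addresses).
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      192.0.2.10:5050     198.51.100.7:51234 timer:(keepalive,112min,0)
ESTAB     0      0      192.0.2.10:5050     203.0.113.5:40022
ESTAB     0      1448   192.0.2.10:5050     203.0.113.9:40100  timer:(on,1.6sec,4)
TIME-WAIT 0      0      192.0.2.10:5050     198.51.100.8:51000 timer:(timewait,42sec,0)
"""

# ss prints timer:(<name>,<expire_time>,<retrans>) when a kernel timer is armed.
TIMER = re.compile(r"timer:\((\w+),([^,]+),(\d+)\)")

def parse_ss(text):
    """Turn `ss -tno` lines into dicts; the header and short lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue
        m = TIMER.search(line)
        conns.append({
            "state": fields[0], "local": fields[3], "peer": fields[4],
            "timer": m.group(1) if m else None,
            "retrans": int(m.group(3)) if m else 0,
        })
    return conns

def classify(conns):
    """Sort ESTAB sockets by how a vanished peer would be noticed."""
    report = {"no_timer": [], "keepalive": [], "retransmitting": []}
    for c in conns:
        if c["state"] != "ESTAB":
            continue
        if c["timer"] is None:
            report["no_timer"].append(c["peer"])        # idle, nothing probes the peer
        elif c["timer"] == "keepalive":
            report["keepalive"].append(c["peer"])       # kernel will probe the peer
        elif c["timer"] == "on" and c["retrans"] > 0:
            report["retransmitting"].append(c["peer"])  # unacked data, peer may be gone
    return report

if __name__ == "__main__":
    for kind, peers in classify(parse_ss(SAMPLE)).items():
        print(f"{kind:15} {peers}")
```

Connections reported under `no_timer` are the ones that can linger as stale sessions, since only application traffic or an application-level timeout will reveal that the peer is gone.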




