Bugtraq mailing list archives
the next generation of nuke.c
From: iceman () MBnet MB CA (Oliver Friedrichs)
Date: Thu, 26 Jan 1995 00:55:29 -0600 (CST)
More of a denial of service attack, but with the current discussion on bugtraq/firewalls regarding sequence number guessing, I thought I'd put forward a method on killing an established TCP connection, besides the (mis)usage of ICMP unreachable messages. It would also appear, that although this attack is more difficult to launch, it would also be more difficult to prevent. Since it's possible to guess sequence numbers of the packets in a TCP connection, it seems it would be possible to then send a fake FIN message to our target, followed directly by an ACK to acknowledge the closing of the connection. If you wanted to kill a connection, all you would have to do is flood one of the ends with FIN/ACK packets until you get the sequence numbers correct. - Oliver
Current thread:
- Re: NFS packet blocking (Was Mouse EXPLOIT info...), (continued)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Karl Strickland (Jan 23)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Bennett Todd (Jan 23)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Timothy Newsham (Jan 23)
- A quick patch to help against TCP ISN guessing. Darren Reed (Jan 23)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Jas (Jan 22)
- NYT Article this morning Rens Troost (Jan 23)
- Re: NYT Article this morning Perry E. Metzger (Jan 23)
- Solaris 2.3 PPP Jake Hill (Jan 24)
- Recent troubles der Mouse (Jan 24)
- Re: NYT Article this morning Jim Duncan (Jan 24)
- the next generation of nuke.c Oliver Friedrichs (Jan 25)
- the next generation of nuke.c Scott D. Yelich (Jan 26)
- IP_FORWARDING re-enabled? pluvius (Jan 26)
- Re: IP_FORWARDING re-enabled? Pete Shipley (Jan 26)