Bugtraq mailing list archives
Re: FIN_WAIT_1 DoS (netkill): Why the vulnerability still exists?
From: stanislav shalunov <shalunov () internet2 edu>
Date: 24 Jul 2001 15:05:10 -0400
Manas Garg <mls () chakpak net> writes:
> Stanislav Shalunov has described it fairly well and following is one of the locations where what he wrote can be found: http://security-archive.merton.ox.ac.uk/bugtraq-200004/0156.html
This particular archive HTMLizes messages, so it may be inconvenient to get the code out of there. See http://www.internet2.edu/~shalunov/netkill/
> Solaris (2.8): Well, it silently discarded the old connections to keep the number of connections to 450 (approximately). Didn't check the RAM and swap on this machine but what matters is that it was taking some action to avoid a FIN_WAIT_1 DoS attack.
Solaris 2.8 doing something is good news. However, I don't believe that throwing away the oldest connections is the best strategy here (I'd rather throw away random connections, with preference to those that eat a lot of buffer space).
> 2. Is there a particular reason that this vulnerability still exists in these Operating Systems?
Well, it isn't very obvious what to do about it. And breaking the standard is undesirable. Something has to be done about the spec. Ad hoc solutions, different for each OS, could easily lead to unpredictable TCP reliability failures.
--
Stanislav Shalunov http://www.internet2.edu/~shalunov/
Sex is the mathematics urge sublimated. -- M. C. Reed.
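The two eviction policies contrasted in this message, as an added example (not code from the thread, from netkill, or from any OS): oldest-first versus random selection weighted by buffered bytes. The connection table, its values and all function names are constructed for illustration, and the "slow" entries are assumed to be live clients on slow links.

```python
import random

# Constructed sample of orphaned connections stuck in FIN_WAIT_1:
# (id, age_seconds, send_buffer_bytes). All values are made up.
def sample_table():
    slow = [(f"slow-{i}", 600 + i, 2_000) for i in range(5)]     # old, little buffered
    stuck = [(f"stuck-{i}", 30 + i, 64_000) for i in range(45)]  # newer, full buffers
    return slow + stuck

def evict_oldest(conns, n):
    """Oldest-first, the behaviour reported for Solaris 2.8 in the thread."""
    return sorted(conns, key=lambda c: c[1], reverse=True)[:n]

def evict_weighted_random(conns, n, rng):
    """Pick n distinct victims at random, each draw proportional to buffered
    bytes. Exponential-clock trick: take the n smallest Exp(1)/weight values."""
    clocks = [(rng.expovariate(1.0) / max(c[2], 1), c) for c in conns]
    clocks.sort(key=lambda t: t[0])
    return [c for _, c in clocks[:n]]

def bytes_freed(victims):
    return sum(c[2] for c in victims)

def slow_hit(victims):
    return sum(1 for c in victims if c[0].startswith("slow-"))

def compare(trials=200, n=5):
    """Bytes freed and assumed-live slow clients dropped, per policy
    (weighted policy averaged over `trials` seeded runs)."""
    table = sample_table()
    old = evict_oldest(table, n)
    w_bytes = w_slow = 0
    for seed in range(trials):
        v = evict_weighted_random(table, n, random.Random(seed))
        w_bytes += bytes_freed(v)
        w_slow += slow_hit(v)
    return {"oldest": (bytes_freed(old), slow_hit(old)),
            "weighted": (w_bytes / trials, w_slow / trials)}

if __name__ == "__main__":
    for policy, (freed, slow) in compare().items():
        print(f"{policy:9s} freed={freed:>10.0f} bytes  slow clients dropped={slow:.2f}")
```

On this constructed table, oldest-first drops only the slow clients and frees the least buffer space, while the weighted policy almost always reclaims the full buffers.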