Bugtraq mailing list archives
Re: FIN_WAIT_1 DoS (netkill): Why the vulnerability still exists?
From: stanislav shalunov <shalunov () internet2 edu>
Date: 25 Jul 2001 16:07:12 -0400
woods () weird com (Greg A. Woods) writes:
> [ On July 24, 2001 at 15:05:10 (-0400), stanislav shalunov wrote: ]
> > (I'd rather throw away random connections, with preference to those
> > that eat a lot of buffer space).
>
> That seems illogical given the nature of the problem.

[Suggestions on how to make changes to the kernel to make a particular netkill script ineffective snipped.]

It's a solution to the wrong problem.  You assume a very specific scenario and then proceed to state that attackers won't even change it to the extent of sending another packet per connection.  Can you somehow substantiate this statement?  What exactly will prevent them from adding a dozen more lines to netkill?  You must have a very optimistic threat model.

Your scenario also assumes that it'll necessarily be new FIN_WAIT_1 connections that eat the buffer space, instead of addressing a general problem: what do you do when your finite buffer space is exhausted while the TCP spec tells you you need to maintain yet more state?

At any rate, BUGTRAQ isn't the place to solve this general problem.  Tsvwg might be...

-- 
Stanislav Shalunov              http://www.internet2.edu/~shalunov/

Letters in this message are closer than they appear.
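The message above contrasts two answers to the same exhaustion question: shed connections that are in a particular state (the kind of script-specific kernel tweak it objects to), or shed random connections with preference to those holding the most buffer. The following model is an added example, not code from the thread or from any of the kernels discussed; the pool size, byte counts, state names and the "hog" attacker model (connections that pin send-buffer space and never drain it) are constructed assumptions chosen to make the two policies easy to compare.

```python
"""Constructed model (not from the thread): a finite socket-buffer pool that
must decide what to drop when it is exhausted.  Compares a state-targeted
eviction policy (drop only FIN_WAIT_1 connections) with random eviction
weighted by buffer held.  Capacities, byte counts and the attacker model are
assumptions made for illustration."""
import random
from dataclasses import dataclass


@dataclass
class Conn:
    cid: int
    state: str      # TCP state name, e.g. "ESTABLISHED" or "FIN_WAIT_1"
    buffered: int   # bytes of send data this connection pins in the shared pool


class BufferPool:
    """Fixed-size pool of send-buffer bytes shared by all connections."""

    def __init__(self, capacity, policy, rng):
        self.capacity = capacity
        self.policy = policy          # callable(pool, requester) -> Conn or None
        self.rng = rng
        self.conns = {}               # cid -> Conn
        self.evicted = []             # cids dropped so far, in order

    def used(self):
        return sum(c.buffered for c in self.conns.values())

    def reserve(self, conn, nbytes):
        """Buffer nbytes more for conn, evicting others until it fits.
        Returns True on success, False if the policy had nothing it may drop."""
        self.conns.setdefault(conn.cid, conn)
        while self.used() + nbytes > self.capacity:
            victim = self.policy(self, conn)
            if victim is None:
                return False
            self.evicted.append(victim.cid)
            del self.conns[victim.cid]
        conn.buffered += nbytes
        return True


def evict_fin_wait_1_only(pool, requester):
    """Narrow policy: only connections sitting in FIN_WAIT_1 may be dropped."""
    cands = [c for c in pool.conns.values()
             if c is not requester and c.state == "FIN_WAIT_1" and c.buffered > 0]
    return max(cands, key=lambda c: c.buffered) if cands else None


def evict_random_weighted(pool, requester):
    """Random eviction, probability proportional to buffer held, any state."""
    cands = [c for c in pool.conns.values() if c is not requester and c.buffered > 0]
    if not cands:
        return None
    return pool.rng.choices(cands, weights=[c.buffered for c in cands], k=1)[0]


def run_scenario(policy, hog_state, seed=0):
    """Constructed scenario: 15 non-draining hog connections pin 4 KiB each,
    12 small legitimate connections hold 256 bytes each, then one more
    legitimate connection needs 2 KiB.  Returns (admitted, evicted_cids)."""
    pool = BufferPool(capacity=64 * 1024, policy=policy, rng=random.Random(seed))
    for i in range(15):
        pool.reserve(Conn(i, hog_state, 0), 4096)          # hogs: cid 0..14
    for i in range(15, 27):
        pool.reserve(Conn(i, "ESTABLISHED", 0), 256)       # small legit conns
    admitted = pool.reserve(Conn(99, "ESTABLISHED", 0), 2048)
    return admitted, list(pool.evicted)


def hog_hit_rate(policy, hog_state, trials=500):
    """Fraction of evictions, across seeds, that landed on a hog (cid < 15)."""
    hits = total = 0
    for seed in range(trials):
        _, evicted = run_scenario(policy, hog_state, seed)
        hits += sum(1 for cid in evicted if cid < 15)
        total += len(evicted)
    return hits / total if total else 0.0


if __name__ == "__main__":
    for policy in (evict_fin_wait_1_only, evict_random_weighted):
        for hog_state in ("FIN_WAIT_1", "ESTABLISHED"):
            admitted, evicted = run_scenario(policy, hog_state)
            print(f"{policy.__name__:24} hogs in {hog_state:12} "
                  f"admitted={admitted} evicted={evicted}")
```

With the hogs parked in FIN_WAIT_1, both policies admit the newcomer. Move the same hogs to any other state and the narrow policy finds nothing it is allowed to drop and refuses the legitimate request, which is the dependence on the attacker's exact behaviour that the reply questions. The weighted policy never inspects the state; it simply makes the connections holding the most buffer the most likely to go, so the hogs absorb almost all evictions in this model regardless of which state they sit in.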
Current thread:
- FIN_WAIT_1 DoS: Why the vulnerability still exists? Manas Garg (Jul 24)
- Re: FIN_WAIT_1 DoS (netkill): Why the vulnerability still exists? stanislav shalunov (Jul 24)
- Re: FIN_WAIT_1 DoS (netkill): Why the vulnerability still exists? Greg A. Woods (Jul 25)
- Re: FIN_WAIT_1 DoS (netkill): Why the vulnerability still exists? stanislav shalunov (Jul 26)
- Re: FIN_WAIT_1 DoS (netkill): Why the vulnerability still exists? Greg A. Woods (Jul 25)
- Re: FIN_WAIT_1 DoS (netkill): Why the vulnerability still exists? stanislav shalunov (Jul 24)