nanog mailing list archives
Re: Massive stupidity (Was: Re: TCP vulnerability)
From: Mike Tancsa <mike () sentex net>
Date: Tue, 20 Apr 2004 21:23:46 -0400
At 05:09 PM 20/04/2004, Richard A Steenbergen wrote:
> party to know which side won the collision handling. Therefore you need 262144 packets * 3976 ephemeral ports (assuming both sides are jnpr, again worst case) * 2 (to figure out who was the connecter and who was the accepter) = 2084569088 packets to exhaustively search all space on this one single Juniper to Juniper session. Now, let's just for the sake of argument say that the router is capable of actively processing 10,000 packets/sec of rst (a fairly exaggerated number) and still have this be considered a tcp attack instead of a straight DoS against the routing engine. This will still take 208456 seconds, or 57.9 hours.
<snip>

I don't understand why the large differences in claims.

http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt

says

Modern operating systems normally default the RCV.WND to about 32,768 bytes. This means that a blind attacker need only guess 65,535 RST segments (2^^32/(RCV.WND*2)) in order to reset a connection. At DSL speeds this means that most connections (assuming the attacker can accurately guess both ports) can be reset in under 200 seconds (usually far less). With the rise of broadband availability and increasing available bandwidth, many Operating Systems have raised their default RCV.WND to as much as 64k, thus making these attacks even easier.

Also, with the various 'bots' at people's disposal, why the assumption the attack would not be distributed?
---Mike
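
An added example, not part of the original post or of the draft: a small Python model of the in-window RST acceptance test and the search space that follows from it, showing which assumptions separate the two figures quoted above. The function names are hypothetical, and the 16,384-byte window is inferred from the 262144-packet figure (2^32 / 262144).

```python
SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """Classic RST acceptance test: RCV.NXT <= seq < RCV.NXT + RCV.WND, modulo 2^32."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def sweep_size(rcv_wnd):
    """Segments spaced RCV.WND apart that are needed to cover the whole sequence space."""
    return -(-SEQ_SPACE // rcv_wnd)  # ceiling division


def hits_in_sweep(rcv_nxt, rcv_wnd):
    """How many segments of one full sweep fall inside the receive window."""
    return sum(in_window((k * rcv_wnd) % SEQ_SPACE, rcv_nxt, rcv_wnd)
               for k in range(sweep_size(rcv_wnd)))


def search_space(rcv_wnd, port_candidates=1, directions=1, halve=False):
    """Total segments for one session under the stated assumptions.

    port_candidates: source ports to try (1 if the ports are already known)
    directions:      2 if it is unknown which side opened the connection
    halve:           apply the draft's extra divisor of 2 (the post counts an
                     exhaustive search instead)
    """
    total = sweep_size(rcv_wnd) * port_candidates * directions
    return total // 2 if halve else total


def hours_at_rate(segments, packets_per_second):
    return segments / packets_per_second / 3600


# Steenbergen's case: 16 KB window (inferred), 3976 ephemeral ports, both directions.
STEENBERGEN = search_space(16384, port_candidates=3976, directions=2)
# Draft's case: 32 KB window, both ports assumed known, formula 2^32/(RCV.WND*2).
DRAFT_32K = search_space(32768, halve=True)
# Draft's note on larger windows: 64 KB halves the figure again.
DRAFT_64K = search_space(65536, halve=True)

if __name__ == "__main__":
    print("exhaustive, ports unknown:", STEENBERGEN,
          "segments,", round(hours_at_rate(STEENBERGEN, 10_000), 1), "hours at 10,000 pps")
    print("draft, ports known, 32 KB window:", DRAFT_32K, "segments")
    print("draft, ports known, 64 KB window:", DRAFT_64K, "segments")
```

The gap between the two claims comes down to the inputs: window size, whether the ports and connection direction are known, and the draft's extra divisor of 2.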