Re: TCP Resource Exhaustion Attacks

[doug () hcsw org]

Hi all,

I initially discounted this as a hoax because of the following
news article:

http://www.darkreading.com/blog.asp?blog_sectionid=403&doc_id=164939&WT.svl=tease2_2

"""
Robert and I talk a lot, and I asked him if he'd be willing to
DoS us, and he flatly said, "Unfortunately, it may affect other
devices between here and there so it's not really a good idea."
"""

Along with the info that this attack targets TCP stacks, this
sounds very suspect to me. Except for possibly TCP-level
filters at the end-points or wasted network bandwidth,
I fail to see how an attack against TCP stacks could affect
devices in between.

Maybe this is a case of journalists twisting his words. It's
hard to tell with so little info and I look forward to reading
the report in full.

No idea if it is related or not, but there was a presentation
about a new class of DoS attacks at CanSecWest 2007 that I
found interesting and scary:

V. Anil Kumar - National Aerospace Laboratories, Bangalore
Low-Rate Denial-of-Service attacks

It involves initiating a large file transfer using a modified
TCP stack that sends ACK packets before it receives data.
The objective is to saturate the target's upstream bandwidth
by sending very few packets yourself.

Doug

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org