Nmap Development mailing list archives
Re: TCP Resource Exhaustion Attacks
From: "Robert E. Lee" <robert () outpost24 com>
Date: Mon, 6 Oct 2008 09:34:41 +0100
On Oct 6, 2008, at 8:12 AM, Fyodor wrote:
Even if the four bytes you are squirreling away in the ISN were essential, it seems like a stretch to describe that storage issue as "why Full Connection Flooding isn't more popular". You've mentioned in the podcast that your attacks tend to require 10-40 packets per second. At four bytes stored per packet, that is up to 160 bytes per second, or 14 megabytes per day-long attack. My cell phone can easily store that. And if you need to send packets so quickly that the required state is overwhelming, it isn't a low-bandwidth attack anymore and you might as well be doing a simple packet flood instead.
Those slides cover most things we thought someone might need to know to build up to what we're actually doing. Those slides don't actually describe any of the vulnerabilities that we're alarmed about.
Also, I'm sorry if it sounds like I'm attacking you specifically, but we've seen many cases of this "partial disclosure" nonsense lately, and they all seem to lead to the "out of control barrage of fear mongering" you describe. So I finally decided to put my foot down and have my say. Even if nobody listens to me, I feel better for having said it :).
:). We're all entitled to our opinions. I respectfully remind you that you are missing or forgetting important behind the scenes details of how we got to this point, but we're here now either way.
As long as the vendors are working with us, we see no compelling reason to appease the internet security research community as a whole with full disclosure details. That doesn't help anyone at this point, so the "put up or shut up" line of reasoning comes off as silly.
That said, we are under no contractual obligation to withhold details. If you really believe you can make a difference fixing the problems, then I would encourage you to contact me or cert-fi and join that effort.
Robert -- Robert E. Lee Chief Security Officer Outpost24 - One Step Ahead http://www.outpost24.com SE Phone: +46-8-559-21231 US Phone: +1 801-542-9292 email: robert () outpost24 com http://blog.robertlee.name _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- TCP Resource Exhaustion Attacks Fyodor (Oct 02)
- Re: TCP Resource Exhaustion Attacks Michael Pattrick (Oct 02)
- Re: TCP Resource Exhaustion Attacks Ron (Oct 02)
- Re: TCP Resource Exhaustion Attacks Fyodor (Oct 02)
- Re: TCP Resource Exhaustion Attacks RB (Oct 02)
- Re: TCP Resource Exhaustion Attacks Fyodor (Oct 02)
- Re: TCP Resource Exhaustion Attacks doug (Oct 02)
- Re: TCP Resource Exhaustion Attacks Brandon Enright (Oct 02)
- Re: TCP Resource Exhaustion Attacks Robert E . Lee (Oct 03)
- Re: TCP Resource Exhaustion Attacks Fyodor (Oct 06)
- Re: TCP Resource Exhaustion Attacks Robert E. Lee (Oct 06)
- Re: TCP Resource Exhaustion Attacks Kris Katterjohn (Oct 06)
- Re: TCP Resource Exhaustion Attacks Brandon Enright (Oct 02)
- Re: TCP Resource Exhaustion Attacks Fyodor (Oct 06)