Vulnerability Development mailing list archives
Re: Naptha - New DoS
From: Sebastian <scut () NB IN-BERLIN DE>
Date: Sat, 9 Dec 2000 09:42:08 +0100
Hi.

On Fri, Dec 08, 2000 at 09:14:50AM +0000, rpc wrote:

> On reading the Razor advisory, it seems the attack involves spoofing as well as sniffing. There is a daemon running on a machine on the same LAN as the victim, which listens for the spoofed SYN packets, and the SYN/ACK reply from the victim. The sniffing daemon then forges the last ACK of the handshake, from the spoof to the victim. Thus the victim thinks the TCP connection is ESTABLISHED and legitimate. Repeat.

This is exactly the same as what the "3wahas" flood utility does, and has done for over one and a half years. (Get it from teso.scene.at/releases.php)

ciao,
scut

--
- scut () nb in-berlin de - http://nb.in-berlin.de/scut/ --- you don't need a --
-- lot of people to be great, you need a few great to be the best ------------
http://3261000594/scut/pgp - 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07
-- CSMC_TOP_SECRET_ATOMAL.tar.bz2, 69043590 bytes received in 381.4 seconds --
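Because the forged final ACK described in the quoted text leaves the listener holding a fully ESTABLISHED connection, a detector has to count completed handshakes that then stay silent rather than half-open ones. The sketch below is an added example, not part of the original post or of any tool named in it; the packet-record format, addresses, `idle_after` window and `threshold` are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict

# Constructed sample records: (time_s, src, sport, dst, dport, flags, payload_len)
# Flag letters: S = SYN, A = ACK, P = PSH, F = FIN, R = RST.
def build_sample():
    srv = "10.0.0.2"
    pkts = [(0.000, "10.0.0.5", 40000, srv, 80, "S", 0),    # ordinary client:
            (0.001, srv, 80, "10.0.0.5", 40000, "SA", 0),   # handshake, then
            (0.002, "10.0.0.5", 40000, srv, 80, "A", 0),    # a real request
            (0.010, "10.0.0.5", 40000, srv, 80, "PA", 120)]
    for i in range(30):  # 30 handshakes that complete and then go silent
        src, t = "192.0.2.%d" % (i + 1), 1.0 + i * 0.01
        pkts += [(t, src, 1024 + i, srv, 80, "S", 0),
                 (t + 0.001, srv, 80, src, 1024 + i, "SA", 0),
                 (t + 0.002, src, 1024 + i, srv, 80, "A", 0)]
    return sorted(pkts)

def idle_established(pkts, now, idle_after=30.0):
    """Map (server, port) -> client endpoints whose handshake completed
    but which then carried no data, FIN or RST for idle_after seconds."""
    state = {}  # (client, cport, server, sport) -> [stage, last_seen]
    for t, src, sp, dst, dp, flags, plen in pkts:
        fwd, rev = (src, sp, dst, dp), (dst, dp, src, sp)
        if flags == "S":
            state[fwd] = ["syn", t]
        elif flags == "SA" and rev in state and state[rev][0] == "syn":
            state[rev] = ["synack", t]
        elif fwd in state or rev in state:
            key = fwd if fwd in state else rev
            if "R" in flags or "F" in flags or plen > 0:
                del state[key]  # torn down, or actually being used
            elif state[key][0] == "synack" and key == fwd and "A" in flags:
                state[key] = ["established", t]  # final ACK of the handshake
    idle = defaultdict(list)
    for (c, cp, s, sp), (stage, last) in state.items():
        if stage == "established" and now - last >= idle_after:
            idle[(s, sp)].append((c, cp))
    return dict(idle)

def flag_listeners(idle, threshold=20):
    """Listeners holding at least `threshold` silent established connections."""
    return sorted(k for k, v in idle.items() if len(v) >= threshold)

if __name__ == "__main__":
    print(flag_listeners(idle_established(build_sample(), now=120.0)))
```
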