TCP RST attack
masta
diz at linuxpowered.com
Tue Apr 20 13:23:47 PDT 2004
Does anybody remember this:
http://lcamtuf.coredump.cx/newtcp/
This seems fairly clear to me that guessing our tcp sequences is near
omnipotent power.
-Jon
Mike Tancsa wrote:
> At 02:26 PM 20/04/2004, Dag-Erling Smørgrav wrote:
>
>> Dragos Ruiu <dr at kyx.net> writes:
>> > On April 20, 2004 10:44 am, Dag-Erling Smørgrav wrote:
>> > > The advisory grossly exaggerates the impact and severity of this
>> > > fea^H^H^Hbug. The attack is only practical if you already know the
>> > > details of the TCP connection you are trying to attack, or are in a
>> > > position to sniff it.
>> > This is not true. The attack does not require sniffing.
>>
>> You need to know the source and destination IP and port. In most
>> cases, this means sniffing. BGP is easier because the destination
>> port is always 179 and the source and destination IPs are recorded in
>> the whois database, but you still need to know the source port.
>
>
> While true, you do need the source port, how long will it take to
> programmatically go through the possible source ports in an attack ?
> That only adds 2^16-1024 to blast through
>
> ---Mike
>
>
>
>
>
>> DES
>> --
>> Dag-Erling Smørgrav - des at des.no
>
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"
>
More information about the freebsd-security
mailing list