Re: TCP RST attack

• Previous message: Dag-Erling Smørgrav: "Re: TCP RST attack"
• In reply to: Dag-Erling Smørgrav: "Re: TCP RST attack"
• Next in thread: masta: "Re: TCP RST attack"
• Reply: masta: "Re: TCP RST attack"
• Reply: Crist J. Clark: "Re: TCP RST attack"
• Reply: Dragos Ruiu: "Re: TCP RST attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 20 Apr 2004 14:43:25 -0400
To: des@des.no (Dag-Erling Smørgrav )

At 02:26 PM 20/04/2004, Dag-Erling Smørgrav wrote:
>Dragos Ruiu <dr@kyx.net> writes:
> > On April 20, 2004 10:44 am, Dag-Erling Smørgrav wrote:
> > > The advisory grossly exaggerates the impact and severity of this
> > > fea^H^H^Hbug. The attack is only practical if you already know the
> > > details of the TCP connection you are trying to attack, or are in a
> > > position to sniff it.
> > This is not true. The attack does not require sniffing.
>
>You need to know the source and destination IP and port. In most
>cases, this means sniffing. BGP is easier because the destination
>port is always 179 and the source and destination IPs are recorded in
>the whois database, but you still need to know the source port.

While true, you do need the source port, how long will it take to
programmatically go through the possible source ports in an attack ? That
only adds 2^16-1024 to blast through

         ---Mike

>DES
>--
>Dag-Erling Smørgrav - des@des.no

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Dag-Erling Smørgrav: "Re: TCP RST attack"
• In reply to: Dag-Erling Smørgrav: "Re: TCP RST attack"
• Next in thread: masta: "Re: TCP RST attack"
• Reply: masta: "Re: TCP RST attack"
• Reply: Crist J. Clark: "Re: TCP RST attack"
• Reply: Dragos Ruiu: "Re: TCP RST attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]