Re: DoS/DDoS on port 1863(MSN protocol)

From: Tillman Hodgson (tillman_at_seekingfire.com)
Date: 09/28/04

  • Next message: Kirby Angell: "Localhost packets on WAN"
    Date: Mon, 27 Sep 2004 17:00:22 -0600
    To: incidents@securityfocus.com
    
    

    On Mon, Sep 27, 2004 at 11:08:44AM -0700, Kevin Reardon wrote:
    > There is also no application information in a TCP SYN packet. 60
    > bytes, that's all you got.

    Data certainly can appear in SYN packets.

    RFC 793 section 3.4 allows data in SYN packets, saying ``this is
    perfectly legitimate, so long as the receiving TCP doesn't deliver the
    data to the user until it is clear the data is valid (i.e., the data
    must be buffered at the receiver until the connection reaches the
    ESTABLISHED state)''. In fact, it appears to be the only time that data
    is permitted in the packet without the ACK bit also being set. This can
    conceivably be used for benign purposes as it can reduce the latency of
    short-lived TCP connections.

    -T

    -- 
    There is no such thing as a law of nature.  There is only a series of laws 
    relating to man's practical experience with nature.  These are laws of man's 
    activities.  They change as man's activities change.
    	- Pardot Kynes, An Arrakis Primer
    

  • Next message: Kirby Angell: "Localhost packets on WAN"

    Relevant Pages