Re: DoS/DDoS on port 1863(MSN protocol)
From: Tillman Hodgson (tillman_at_seekingfire.com)
Date: Mon, 27 Sep 2004 17:00:22 -0600 To: firstname.lastname@example.org
On Mon, Sep 27, 2004 at 11:08:44AM -0700, Kevin Reardon wrote:
> There is also no application information in a TCP SYN packet. 60
> bytes, that's all you got.
Data certainly can appear in SYN packets.
RFC 793 section 3.4 allows data in SYN packets, saying ``this is
perfectly legitimate, so long as the receiving TCP doesn't deliver the
data to the user until it is clear the data is valid (i.e., the data
must be buffered at the receiver until the connection reaches the
ESTABLISHED state)''. In fact, it appears to be the only time that data
is permitted in the packet without the ACK bit also being set. This can
conceivably be used for benign purposes as it can reduce the latency of
short-lived TCP connections.
-- There is no such thing as a law of nature. There is only a series of laws relating to man's practical experience with nature. These are laws of man's activities. They change as man's activities change. - Pardot Kynes, An Arrakis Primer