Re: explanation and code for stream.c issues

From: Vladimir Dubrovin (vladat_private)
Date: Sat Jan 22 2000 - 03:14:29 PST

Next message: Nathanael Lierly: "Re: Microimages X Server for Win - Vulnerability"

Previous message: FEAR Advisories: "*BSD procfs vulnerability"
Maybe in reply to: Tim Yardley: "explanation and code for stream.c issues"
Next in thread: Brett Glass: "Re: explanation and code for stream.c issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Don Lewis,

22.01.00 13:58, you wrote: explanation and code for stream.c issues;

D> } Intruder sends SYN packet and then sends, lets say 1000 ACK packets to
D> } the  same port from same port and source address. SYN packet will open
D> } ipfilter  to  pass  all  others  packets.  This  attack  doesn't  need
D> } randomization for each packet.

D> Instead of producing RST responses, this will produce ACKs. Your earlier
D> comment about this prompted my comment in another thread about the
D> possible need to rate limit ACK packets.

This  will  not  produce  ACK packets, if ACK send by intruder doesn't
conform  sequence  number  in the SYN/ACK response of victim. Original
stream.c used

    packet.tcp.th_ack           = 0;

i changed to

    packet.tcp.th_ack = random();
    for ACK packets.

But  it's  not  principial  - victim will reply RST for this packet in
most cases.


  +=-=-=-=-=-=-=-=-=+
  |Vladimir Dubrovin|
  | Sandy Info, ISP |
  +=-=-=-=-=-=-=-=-=+

Next message: Nathanael Lierly: "Re: Microimages X Server for Win - Vulnerability"
Previous message: FEAR Advisories: "*BSD procfs vulnerability"
Maybe in reply to: Tim Yardley: "explanation and code for stream.c issues"
Next in thread: Brett Glass: "Re: explanation and code for stream.c issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:29:57 PDT