Date:      Thu, 13 May 1999 22:52:38 -0700 (PDT)
From:      Thamer Al-Herbish <shadows@whitefang.com>
To:        security@FreeBSD.ORG
Subject:   Re: Forwarded from BUGTRAQ: SYN floods against FreeBSD
Message-ID:  <Pine.BSF.4.05.9905132247030.253-100000@rage.whitefang.com>
In-Reply-To: <199905140546.WAA06542@salsa.gv.tsc.tdk.com>

On Thu, 13 May 1999, Don Lewis wrote:

> to vulnerable ports by filtering out incoming SYN packets.  If an attacker
> can guess what sequence number you would have sent in a SYN-ACK, he can
> establish a connection by just sending the third packet in the initial
> three-way handshake.  This isn't especially easy to brute force because

The syn-cookie workaround does not make it any easier to guess the
sequence number. You would need the actual secret that changes every
so often to come up with it. This secret is hashed with the ISN from
the packet and the addresses on the packet. Knowing the ISN and the
addresses is irrelevant because the hash is not reversible. Unless
the interval where the secret would change was exceptionally long,
it is doubtful you can crack a 32-bit secret.

My understanding of the syn cookie mechanism leads me to believe
that it is not possible to brute force it with conventional computer
power. Maybe in a few years with faster computers it would be.

--
Thamer Al-Herbish                     PGP public key:
shadows@whitefang.com                 http://www.whitefang.com/pgpkey.txt
[ The Secure UNIX Programming FAQ     http://www.whitefang.com/sup/  ]
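
The cookie scheme described in the message above, as an added example that is not part of the original e-mail and is not FreeBSD's code: the server derives its SYN-ACK sequence number from a rotating secret, the addresses and the client ISN, then re-derives it to validate the third handshake packet without stored state. Assumptions: HMAC-SHA256 truncated to 32 bits stands in for the unnamed hash, the ports are included in the hash input, the previous secret stays valid for one rotation, and all names and sample values are constructed.

```python
import hashlib
import hmac
import socket
import struct

MASK32 = 0xFFFFFFFF

def make_cookie(secret, src, sport, dst, dport, client_isn):
    """Server ISN for the SYN-ACK: keyed hash of addresses, ports and client ISN."""
    msg = (socket.inet_aton(src) + socket.inet_aton(dst)
           + struct.pack("!HHI", sport, dport, client_isn & MASK32))
    # HMAC-SHA256 truncated to 32 bits is an assumption; the message names no hash.
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]

def check_ack(secrets, src, sport, dst, dport, seq, ack):
    """Validate the third handshake packet with no per-connection state.

    seq is client ISN + 1 and ack is server ISN + 1 (mod 2**32). `secrets`
    holds the current secret and, as an assumption, the previous one so
    handshakes that straddle a rotation still complete.
    """
    client_isn = (seq - 1) & MASK32
    claimed = struct.pack("!I", (ack - 1) & MASK32)
    for secret in secrets:
        expected = make_cookie(secret, src, sport, dst, dport, client_isn)
        # Constant-time comparison of the 32-bit values.
        if hmac.compare_digest(struct.pack("!I", expected), claimed):
            return True
    return False

# Constructed sample values (documentation addresses, made-up 32-bit secrets).
OLD, PREV, CUR = b"\x01\x02\x03\x04", b"\x13\x37\xc0\xde", b"\xa5\x5a\x0f\xf0"
CONN = ("192.0.2.10", 40000, "198.51.100.5", 80)

if __name__ == "__main__":
    isn = 0xFFFFFFFF  # client ISN chosen so that seq wraps around to 0
    cookie = make_cookie(CUR, *CONN, isn)
    seq, ack = (isn + 1) & MASK32, (cookie + 1) & MASK32
    print("legitimate ACK:", check_ack([CUR, PREV], *CONN, seq, ack))
    print("wrong ack number:", check_ack([CUR, PREV], *CONN, seq, (ack + 1) & MASK32))
    stale = make_cookie(OLD, *CONN, isn)
    print("retired secret:", check_ack([CUR, PREV], *CONN, seq, (stale + 1) & MASK32))
```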


