Date: Thu, 13 May 1999 22:52:38 -0700 (PDT)
From: Thamer Al-Herbish <shadows@whitefang.com>
To: security@FreeBSD.ORG
Subject: Re: Forwarded from BUGTRAQ: SYN floods against FreeBSD
Message-ID: <Pine.BSF.4.05.9905132247030.253-100000@rage.whitefang.com>
In-Reply-To: <199905140546.WAA06542@salsa.gv.tsc.tdk.com>

On Thu, 13 May 1999, Don Lewis wrote:

> to vulnerable ports by filtering out incoming SYN packets. If an attacker
> can guess what sequence number you would have sent in a SYN-ACK, he can
> establish a connection by just sending the third packet in the initial
> three-way handshake. This isn't especially easy to brute force because

The syn-cookie workaround does not make it any easier to guess the
sequence number. You would need the actual secret that changes every so
often to come up with it. This secret is hashed with the ISN from the
packet and the addresses on the packet. Knowing the ISN and the addresses
is irrelevant because the hash is not reversible. Unless the interval
where the secret would change was exceptionally long, it is doubtful you
can crack a 32-bit secret.

My understanding of the syn cookie mechanism leads me to believe that it
is not possible to brute force it with conventional computer power. Maybe
in a few years with faster computers it would be.

--
Thamer Al-Herbish                     PGP public key:
shadows@whitefang.com                 http://www.whitefang.com/pgpkey.txt
[ The Secure UNIX Programming FAQ    http://www.whitefang.com/sup/ ]
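
The mechanism discussed in this message, as an added example that is not part of the original post and is not FreeBSD's code: the server derives the SYN-ACK sequence number from a rotating secret hashed with the client's ISN and the packet addresses, then re-derives it to check the third handshake packet. Assumptions: HMAC-SHA256 truncated to 32 bits stands in for the hash, the secret is 16 bytes, ports are hashed along with the addresses, and the class and method names are hypothetical.

```python
import hashlib
import hmac
import os
import socket
import struct


class SynCookieJar:
    """Stateless SYN-ACK sequence numbers: only the rotating secrets are stored."""

    def __init__(self):
        self.current = os.urandom(16)  # assumed secret size, not from the post
        self.previous = None

    def rotate(self):
        """Run on a timer; a cookie stops validating after two rotations."""
        self.previous, self.current = self.current, os.urandom(16)

    @staticmethod
    def _cookie(secret, src, sport, dst, dport, client_isn):
        # Hash the secret with the client's ISN and the packet addresses.
        msg = (socket.inet_aton(src) + socket.inet_aton(dst)
               + struct.pack("!HHI", sport, dport, client_isn))
        digest = hmac.new(secret, msg, hashlib.sha256).digest()
        return struct.unpack("!I", digest[:4])[0]  # truncate to a 32-bit ISN

    def syn_ack_isn(self, src, sport, dst, dport, client_isn):
        """Sequence number to send in the SYN-ACK; no per-connection state kept."""
        return self._cookie(self.current, src, sport, dst, dport, client_isn)

    def ack_is_valid(self, src, sport, dst, dport, seq, ack):
        """Third packet carries seq = client ISN + 1 and ack = cookie + 1."""
        client_isn = (seq - 1) & 0xFFFFFFFF
        cookie = struct.pack("!I", (ack - 1) & 0xFFFFFFFF)
        for secret in (self.current, self.previous):
            if secret is None:
                continue
            expected = self._cookie(secret, src, sport, dst, dport, client_isn)
            # Constant-time compare so timing does not leak matching bytes.
            if hmac.compare_digest(struct.pack("!I", expected), cookie):
                return True
        return False
```

Accepting the previous secret as well as the current one lets handshakes that straddle a rotation complete, while bounding how long any one cookie remains valid.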