Date:      Wed, 21 Apr 2004 06:31:30 -0500
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        Dragos Ruiu <dr@kyx.net>
Cc:        Dag-Erling Smørgrav <des@des.no>
Subject:   Re: TCP RST attack
Message-ID:  <20040421113130.GA19738@lum.celabo.org>
In-Reply-To: <200404201332.40827.dr@kyx.net>

On Tue, Apr 20, 2004 at 01:32:40PM -0700, Dragos Ruiu wrote:
> That's what this thing boils down to imho - the
> space you have to blast through, the time you have to do it in, and 
> the bandwidth/rate available to do it. And there are competing factors,
> and questions about what are the real world values. I'm still waiting
> on final answers...

Consider that on a T1, you can generate 1536 Mbps = ~4800 RSTs per
second.  If you know ((src addr, src port), (dst addr, dst port)),
and assume a 32K window, then you need to send at most about 2^17
RST packets to hit your target.  2^17 / 4800 =~ 27 seconds.

If you have to guess the source port, then we're talking about 2^16
times as many packets needed, which is still `only' about 20 days.  Of
course, the window is sliding during that time... I'm not sure right now
if that makes your chances better or worse :-)

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
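
The estimate in the message above, worked through as an added example (not part of the original e-mail): a model of the receiver's in-window check and of how the exposure time scales with the advertised window. It assumes the T1 payload rate of 1.536 Mbit/s and 40-byte segments, which together reproduce the ~4800 per second figure; all function names are illustrative.

```python
SEQ_SPACE = 2**32   # TCP sequence numbers are 32 bits wide
PORT_SPACE = 2**16  # candidate source ports when the port is not known

def in_window(seq, rcv_nxt, wnd):
    """Receiver-side test: is seq in [rcv_nxt, rcv_nxt + wnd), modulo 2^32?"""
    return (seq - rcv_nxt) % SEQ_SPACE < wnd

def worst_case_segments(wnd, port_known=True):
    """Upper bound on segments when sequence space is covered in window-sized strides."""
    per_port = -(-SEQ_SPACE // wnd)  # ceiling division
    return per_port if port_known else per_port * PORT_SPACE

def segments_per_second(link_bps, segment_bytes=40):
    """Segments a link can carry per second (40 bytes = bare IP + TCP headers, assumed)."""
    return link_bps / (segment_bytes * 8)

def exposure_seconds(wnd, link_bps, port_known=True, segment_bytes=40):
    """Worst-case time before some segment is accepted as in-window."""
    return worst_case_segments(wnd, port_known) / segments_per_second(link_bps, segment_bytes)

def strides_until_accepted(rcv_nxt, wnd):
    """Model only: count window-sized strides from 0 until one passes in_window()."""
    for k in range(worst_case_segments(wnd)):
        if in_window((k * wnd) % SEQ_SPACE, rcv_nxt, wnd):
            return k + 1
    return None  # unreachable: every window-sized interval contains one stride

if __name__ == "__main__":
    T1_BPS = 1_536_000  # assumed T1 payload rate
    print(f"{'window':>8} {'segments':>10} {'port known':>12} {'port unknown':>14}")
    for wnd in (8192, 16384, 32768, 65535):  # constructed sample window sizes
        known = exposure_seconds(wnd, T1_BPS)
        unknown_days = exposure_seconds(wnd, T1_BPS, port_known=False) / 86400
        print(f"{wnd:>8} {worst_case_segments(wnd):>10} {known:>10.1f} s {unknown_days:>11.1f} d")
```

The table makes the defensive trade-off visible: the worst-case time is inversely proportional to the window, so larger receive windows shorten the exposure at a given link rate.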