Date: Tue, 20 Apr 2004 14:43:25 -0400 From: Mike Tancsa <mike@sentex.net> To: des@des.no (Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= ) Cc: freebsd-security@freebsd.org Subject: Re: TCP RST attack Message-ID: <6.0.3.0.0.20040420144001.0723ab80@209.112.4.2> In-Reply-To: <xzp65buh5fa.fsf@dwp.des.no> References: <6.0.3.0.0.20040420125557.06b10d48@209.112.4.2> <xzphdve35oa.fsf@dwp.des.no> <200404201113.27737.dr@kyx.net> <xzp65buh5fa.fsf@dwp.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
At 02:26 PM 20/04/2004, Dag-Erling Sm=F8rgrav wrote:
>Dragos Ruiu <dr@kyx.net> writes:
> > On April 20, 2004 10:44 am, Dag-Erling Sm=F8rgrav wrote:
> > > The advisory grossly exaggerates the impact and severity of this
> > > fea^H^H^Hbug. The attack is only practical if you already know the
> > > details of the TCP connection you are trying to attack, or are in a
> > > position to sniff it.
> > This is not true. The attack does not require sniffing.
>
>You need to know the source and destination IP and port. In most
>cases, this means sniffing. BGP is easier because the destination
>port is always 179 and the source and destination IPs are recorded in
>the whois database, but you still need to know the source port.
While true, you do need the source port, how long will it take to=20
programmatically go through the possible source ports in an attack ? That=20
only adds 2^16-1024 to blast through
---Mike
>DES
>--
>Dag-Erling Sm=F8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.3.0.0.20040420144001.0723ab80>