Re: TCP RST attack
On April 20, 2004 11:43 am, Mike Tancsa wrote:
> At 02:26 PM 20/04/2004, Dag-Erling Sm=F8rgrav wrote:
> >Dragos Ruiu <dr@kyx.net> writes:
> > > On April 20, 2004 10:44 am, Dag-Erling Sm=F8rgrav wrote:
> > > > The advisory grossly exaggerates the impact and severity of this
> > > > fea^H^H^Hbug. The attack is only practical if you already know the
> > > > details of the TCP connection you are trying to attack, or are in a
> > > > position to sniff it.
> > >
> > > This is not true. The attack does not require sniffing.
> >
> >You need to know the source and destination IP and port. In most
> >cases, this means sniffing. BGP is easier because the destination
> >port is always 179 and the source and destination IPs are recorded in
> >the whois database, but you still need to know the source port.
>
> While true, you do need the source port, how long will it take to
> programmatically go through the possible source ports in an attack ? That
> only adds 2^16-1024 to blast through
Also keep in mind ports are predictable to varying degrees depending on
the vendor or OS, which further reduces the brute force space you have to=20
go though without sniffing. That's what this thing boils down to imho - the
space you have to blast through, the time you have to do it in, and=20
the bandwidth/rate available to do it. And there are competing factors,
and questions about what are the real world values. I'm still waiting
on final answers...
cheers,
=2D-dr
=2D-=20
Top security experts. Cutting edge tools, techniques and information.
Vancouver, Canada April 21-23 2004 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 9 之 24 篇):