North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DoS, ICMP, proxies, SYNDefender

  • From: Perry E. Metzger
  • Date: Thu Oct 03 20:05:55 1996

Tim Bass writes:
> If you are an attacker and know your target host is about
> to set up a connection with a particular host address,
> then if you timed it exactly right you could nuke the
> connection during one state of the TCP connection,
> SYN_RCVD.

Yup. If you don't think this is a serious problem, well, I can think
right away of how to use such a defect to cause serious harm to the
infrastructure of the net. Indeed, I can think of two.

We are trying to reduce the number of ways that forged packets can be
used to cause harm, not open new ones.

> So, if you can guess sequence numbers, ip addresses, and the
> exact state on the connection.....  er..

What makes you think you can't?  You CAN guess sequence numbers, and
pretty consistantly. The paper by Bob Morris on how to do it is nearly
a decade old.

We have a simple and practical pair of ways of dealing with this:
ingress filtering and host hardening. Lets stick with things that
cause no additional harm, shall we?

Perry
- - - - - - - - - - - - - - - - -