North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DoS, ICMP, proxies, SYNDefender

  • From: Tim Bass
  • Date: Fri Oct 04 16:26:01 1996

Well then, Mike,

I disagree with your thought process.  You can send ICMP unreachables
all day long today!  It only strengthens the protocol to send the
correct error messages and to respond to the protocol conditions
correctly.
  
Also, you have not responded by a valid technical question, but
are hand-waving... I'll ask again.  How do you propose a hack
can do these three things at the same time.

(1) Know the state of a TCP connection (SYN_RCVD).
(2) Know the sequence number of the response,
(3) Know a random code in the identifier field,
(4) Know the both source and destination address of connection;
(5) Know the exact time window of the SYN-ACK/SYN-SYN handshake.

If you, Mike, can break this, and explain how do do it, then
we can add    

(6) MD5 authentication to ICMP.

BTW, after you explain in detail how to spoof (1)-(5) then
I would like to ask you a favor.... 

I would appreciate it if you would not give credit to for 
ICMP UNREACHABLE to me.  ICMP UNREACHABLE errors are in specified
in RFC 793.   Please 'redirect' this credit elsewhere.  It is
not my original idea.  All I am asking is for the procotcol
to work as designed so I can have one more piece of info
to use in an algorithm.

I await your technical reply on how to defeat the conditions
1-5 above, and if you can, then add 6 and explain how
do defeat that as well. 

Somewhat Patiently (but anxiously awaiting technical answers),

Tim



- - - - - - - - - - - - - - - - -