North American Network Operators Group

Re: Massive stupidity (Was: Re: TCP vulnerability)
Assuming that he does not know the port number and must try 20 - 40 ports, it takes 200 * 10 = 2000 seconds to reset a single session... Useless except in very special cases (such as a big community decided to knock down SCO, for example).

>
> At 05:09 PM 20/04/2004, Richard A Steenbergen wrote:
>
> >party to know which side won the collision handling. Therefore you need
> >262144 packets * 3976 ephemeral ports (assuming both sides are jnpr, again
> >worst case) * 2 (to figure out who was the connecter and who was the
> >accepter) = 2084569088 packets to exhaustively search all space on this
> >one single Juniper to Juniper session. Now, let's just for the sake of
> >argument say that the router is capable of actively processing 10,000
> >packets/sec of rst (a fairly exaggerated number) and still have this be
> >considered a tcp attack instead of a straight DoS against the routing
> >engine. This will still take 208456 seconds, or 57.9 hours.
> <snip>
> I don't understand why the large differences in claims
>
> http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt
>
> says
>    Modern operating
>    systems normally default the RCV.WND to about 32,768 bytes. This
>    means that a blind attacker need only guess 65,535 RST segments
>    (2^^32/(RCV.WND*2)) in order to reset a connection. At DSL speeds
>    this means that most connections (assuming the attacker can
>    accurately guess both ports) can be reset in under 200 seconds
>    (usually far less). With the rise of broadband availability and
>    increasing available bandwidth, many Operating Systems have raised
>    their default RCV.WND to as much as 64k, thus making these attacks
>    even easier.
>
>
> Also, with the various 'bots' at people's disposal, why the assumption the
> attack would not be distributed.
>
>         ---Mike
>
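The estimates quoted in this message differ mostly in their inputs (guesses per connection, how many ports are unknown, and the packet rate), so the following added example, which is not part of the original post or thread, recomputes each one from the numbers quoted above for use in a risk estimate. The function names and the port sweep are assumptions made for illustration; the packet rate for the draft's case is derived here from its "under 200 seconds" figure, not stated on the page.

```python
import math

SEQ_SPACE = 2 ** 32  # 32-bit TCP sequence number space


def guesses_from_window(rcv_wnd):
    """RST guesses per connection, using the draft's 2^32 / (RCV.WND * 2)."""
    return math.ceil(SEQ_SPACE / (rcv_wnd * 2))


def worst_case(guesses, ports=1, directions=1, pps=10_000):
    """Packets and seconds to cover every sequence/port/direction candidate."""
    packets = guesses * ports * directions
    return packets, packets / pps


def implied_pps(packets, seconds):
    """Packet rate required to deliver `packets` within `seconds`."""
    return packets / seconds


def scenarios():
    """Recompute the thread's figures from the numbers quoted in it."""
    out = {}
    # Steenbergen: 262144 guesses * 3976 ports * 2 directions at 10,000 pps.
    pkts, secs = worst_case(262_144, ports=3976, directions=2, pps=10_000)
    out["steenbergen"] = (pkts, int(secs), round(secs / 3600, 1))
    # Draft: RCV.WND = 32,768 with both ports known. The formula yields
    # 65,536; the draft text rounds this to 65,535.
    draft = guesses_from_window(32_768)
    rate = implied_pps(draft, 200)  # rate implied by "under 200 seconds"
    out["draft"] = (draft, round(rate, 2))
    # Constructed sweep: same rate, but with N candidate source ports.
    out["ports"] = {p: round(worst_case(draft, ports=p, pps=rate)[1])
                    for p in (1, 10, 40, 3976)}
    # Draft's 64k window case: a larger window halves the guesses needed.
    out["draft_64k"] = guesses_from_window(65_536)
    return out


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(name, value)
```

The sweep shows that the port count is the dominant term: the same per-connection figure that gives 200 seconds with both ports known gives 795,200 seconds when 3976 ephemeral ports must be covered.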