North American Network Operators Group

Re: Massive stupidity (Was: Re: TCP vulnerability)

  • From: Alexei Roudnev
  • Date: Thu Apr 22 03:28:38 2004

Assuming that he does not know the port number and must try 20 - 40 ports, it
takes 200 * 10 = 2000 seconds to reset a single session... Useless except in
very special cases (such as a big community deciding to knock down SCO, for
example).



>
> At 05:09 PM 20/04/2004, Richard A Steenbergen wrote:
>
> >party to know which side won the collision handling. Therefore you need
> >262144 packets * 3976 ephemeral ports (assuming both sides are jnpr, again
> >worst case) * 2 (to figure out who was the connecter and who was the
> >accepter) = 2084569088 packets to exhaustively search all space on this
> >one single Juniper to Juniper session. Now, let's just for the sake of
> >argument say that the router is capable of actively processing 10,000
> >packets/sec of rst (a fairly exaggerated number) and still have this be
> >considered a tcp attack instead of a straight DoS against the routing
> >engine. This will still take 208456 seconds, or 57.9 hours.
> <snip>
> I don't understand why the large differences in claims
>
> http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt
>
> says
>     Modern operating
>     systems normally default the RCV.WND to about 32,768 bytes. This
>     means that a blind attacker need only guess 65,535 RST segments
>     (2^^32/(RCV.WND*2)) in order to reset a connection. At DSL speeds
>     this means that most connections (assuming the attacker can
>     accurately guess both ports) can be reset in under 200 seconds
>     (usually far less). With the rise of broadband availability and
>     increasing available bandwidth, many Operating Systems have raised
>     their default RCV.WND to as much as 64k, thus making these attacks
>     even easier.
>
>
> Also, with the various 'bots' at people's disposal, why the assumption the
> attack would not be distributed?
>
>          ---Mike
>
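
The two estimates quoted above count different things: the draft's figure assumes both ports are known and uses 2^32/(RCV.WND*2), while the router figure multiplies 262144 guesses by 3976 ephemeral ports and by 2 for direction. The Python sketch below is an added example, not part of the original message; it reproduces both numbers from the quoted inputs. Function and parameter names are assumptions, and the 50-sender case is constructed.

```python
# Added example: reproduces the search-space arithmetic quoted in this thread.
SEQ_SPACE = 2 ** 32  # size of the 32-bit TCP sequence space


def rst_guesses(stride, port_candidates=1, direction_unknown=False):
    """Worst-case count of blind RST segments for one session.

    stride: spacing between guessed sequence numbers (assumed parameter name);
    one guess per stride covers the whole sequence space.
    """
    per_tuple = -(-SEQ_SPACE // stride)  # ceiling division
    return per_tuple * port_candidates * (2 if direction_unknown else 1)


def seconds_to_exhaust(guesses, sender_pps, senders=1, receiver_pps=None):
    """Time to deliver every guess, capped by what the receiver can process."""
    rate = sender_pps * senders
    if receiver_pps is not None:
        rate = min(rate, receiver_pps)
    return guesses / rate


def scenarios():
    # Inputs are the figures quoted in the thread.
    router = rst_guesses(SEQ_SPACE // 262144, port_candidates=3976,
                         direction_unknown=True)
    draft = rst_guesses(32768 * 2)  # draft formula 2^32/(RCV.WND*2), ports known
    return {
        "router_guesses": router,
        "router_hours": seconds_to_exhaust(router, 10_000) / 3600,
        "draft_guesses": draft,
        "ratio": router // draft,
        # Constructed case: 50 senders at 1,000 pps each, with the receiver
        # still limited to the 10,000 pps processing rate from the quote.
        "router_hours_distributed": seconds_to_exhaust(
            router, 1_000, senders=50, receiver_pps=10_000) / 3600,
    }


if __name__ == "__main__":
    for name, value in scenarios().items():
        fmt = f"{value:,.1f}" if isinstance(value, float) else f"{value:,}"
        print(f"{name}: {fmt}")
```

In this model, adding senders shortens the search only until the aggregate rate reaches the receiver's processing limit, so the port count and the spacing of sequence guesses dominate the result.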