Date:      Thu, 19 Jul 2001 01:14:25 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Barry Pederson <bpederson@geocities.com>
Cc:        freebsd-arch@FreeBSD.ORG
Subject:   Re: TCP Initial Sequence Numbers: We need to talk
Message-ID:  <3B5696E1.3A038FF5@mindspring.com>
References:  <001101c10fcc$7a7927f0$a586fa18@chris> <20010718160345.J74461@prism.flugsvamp.com> <3B561053.6370CEE8@geocities.com>

Barry Pederson wrote:
> Jonathan Lemon wrote:
> >
> > It's not feasible; he's overlooking several things.  Among them
> > are: 1. it is susceptible to replay attacks, 2. the secret is
> > per IP, and 3. "having the response go nowhere" is not a valid
> > defense, if the attacker can guess it.
> 
> 1, 2. It's protecting against spoofed SYN floods, the replay attack
> would have to be a non-spoofed ACK flood (since the attacker could
> probably figure out their own token) --or-- the attacker was also
> sniffing your network, could see what was in the outgoing SYN/ACK
> packets at least once for each spoofed IP, and then flooded with spoofed
> ACKs containing the encrypted token for that particular spoofed address.

My favorite attack for this would be to just ACK the hell
out of your machine so that it burnt up all your CPU doing
RC5's, which the attacker could just ignore...

-- Terry
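The scheme under discussion is a stateless token carried in the SYN/ACK sequence number and checked when the ACK comes back, and both objections in the thread concern that check: a token is replayable for as long as the server accepts it, and an unsolicited ACK flood makes the server pay the verification cost for every packet. The following is an added illustration of such a token, written for this archive page and not taken from the thread or from any FreeBSD code. It assumes a SYN-cookie-style layout (8 bits of time bucket plus a 24-bit truncated MAC), HMAC-SHA256 in place of the RC5 mentioned above, a 64-second bucket and a two-bucket acceptance window; all addresses, ports and the secret are constructed. `check_cookie` returns the number of MACs it had to compute so the per-ACK cost is visible.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed parameters for the illustration (assumptions, not from the thread).
BUCKET_SECONDS = 64     # how long one time bucket lasts
WINDOW_BUCKETS = 2      # accept cookies from the current and the previous bucket


def _bucket(now):
    """Coarse time counter; a cookie is only accepted for a few buckets."""
    return int(now) // BUCKET_SECONDS


def _mac24(secret, bucket, src_ip, src_port, dst_ip, dst_port):
    """Keyed MAC over the 4-tuple and the bucket, truncated to 24 bits."""
    msg = (
        ipaddress.ip_address(src_ip).packed
        + ipaddress.ip_address(dst_ip).packed
        + struct.pack("!HHQ", src_port, dst_port, bucket)
    )
    return hmac.new(secret, msg, hashlib.sha256).digest()[:3]


def make_cookie(secret, now, src_ip, src_port, dst_ip, dst_port):
    """Build a 32-bit stateless token to use as the SYN/ACK sequence number.

    Top 8 bits: low byte of the time bucket (a cheap pre-check on the ACK).
    Low 24 bits: truncated MAC binding the token to this 4-tuple and bucket.
    """
    bucket = _bucket(now)
    mac = _mac24(secret, bucket, src_ip, src_port, dst_ip, dst_port)
    return ((bucket & 0xFF) << 24) | int.from_bytes(mac, "big")


def check_cookie(secret, now, cookie, src_ip, src_port, dst_ip, dst_port):
    """Validate a token echoed back in the ACK without per-connection state.

    Returns (accepted, macs_computed) so the verification cost is visible.
    The replay window is exactly WINDOW_BUCKETS buckets: a token stays valid
    for that long and is rejected afterwards without computing any MAC.
    """
    macs = 0
    bucket_byte = cookie >> 24
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    for delta in range(WINDOW_BUCKETS):
        bucket = _bucket(now) - delta
        # Cheap check first: skip the MAC unless the bucket byte matches.
        if (bucket & 0xFF) != bucket_byte:
            continue
        macs += 1
        expected = _mac24(secret, bucket, src_ip, src_port, dst_ip, dst_port)
        if hmac.compare_digest(expected, got):
            return True, macs
    return False, macs


if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    peer = ("10.0.0.5", 40000, "192.0.2.1", 80)  # constructed addresses
    cookie = make_cookie(secret, 1000, *peer)
    print(check_cookie(secret, 1000, cookie, *peer))         # (True, 1)
    print(check_cookie(secret, 1000 + 64, cookie, *peer))    # (True, 1): previous bucket still accepted
    print(check_cookie(secret, 1000 + 128, cookie, *peer))   # (False, 0): outside the window, no MAC spent
    print(check_cookie(secret, 1000, cookie,
                       "10.0.0.5", 40001, "192.0.2.1", 80))  # (False, 1): wrong 4-tuple
```

Because the window is shorter than 256 buckets, at most one bucket in it can match the cookie's top byte, so a well-formed ACK costs one MAC and an ACK with a stale bucket byte costs none. That bound is the defender's lever against the flood Terry describes: the attacker still forces one keyed hash per forged ACK that carries a plausible bucket byte, so the verification primitive has to be cheap enough that the server can afford one per packet at line rate, and the window has to be short enough that a sniffed token is useless soon after it was issued.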

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B5696E1.3A038FF5>