Re: tcp vulnerability? haven't seen anything on it here...

From: alex
Date: Thu Apr 22 2004 - 10:59:55 EST

Next message: Maciej W. Rozycki: "Re: [PATCH] psmouse: fix mouse hotplugging"
Previous message: Tomasz Torcz: "Re: [PATCH] psmouse: fix mouse hotplugging"
In reply to: Chris Friesen: "Re: tcp vulnerability? haven't seen anything on it here..."
Next in thread: Florian Weimer: "Re: tcp vulnerability? haven't seen anything on it here..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 22 Apr 2004, Chris Friesen wrote:

> alex@xxxxxxxxxxxx wrote:
>
> > Nevertheless, number of packets to kill the session is still *large*
> > (under "best-case" for attacker, you need to send 2^30 packets)...
>
> I though the whole point of this vulnerability was that you "only"
> needed to send 64K packets, not 2^30.
64k packets if rwin is 64k and if you know ports on both sides.

If rwin is 16k (default on many routers) and you need to scan all
ephemeral ports, its 256k packets * number of ephemeral ports.

One router vendor has 4000 ephemeral ports maximum, resulting in 256k*4000
= ~1 billion packets.

-alex

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Maciej W. Rozycki: "Re: [PATCH] psmouse: fix mouse hotplugging"
Previous message: Tomasz Torcz: "Re: [PATCH] psmouse: fix mouse hotplugging"
In reply to: Chris Friesen: "Re: tcp vulnerability? haven't seen anything on it here..."
Next in thread: Florian Weimer: "Re: tcp vulnerability? haven't seen anything on it here..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]