|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Fernando Gont (fernando
gont.com.ar)
Date: Wed Oct 01 2008 - 10:24:16 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 11:13 a.m. 01/10/2008, Duncan Patton a Campbell wrote:
>"
>Sockstress computes and stores so-called client-side SYN cookies and
>enables Lee and Louis to specify a destination port and IP address.
>The method allows them to complete the TCP handshake without having
>to store any values, which takes time and resources. "We can then
>say that we want to establish X number of TCP connections on that
>address and that we want to use this attack type, and it does it," Lee said.
>"
This is simply the naphta attack. They don't really need to "use syn
cookies". They could simply ACK any SYN/ACK they receive, and that's it.
The attack is not new, and they are not proposing any counter-measures.
It doesn't mean does this does not need attention... but they are not
making any new contribution to the issue.
Kind regards,
--
Fernando Gont
e-mail: fernandogont.com.ar || fgontacm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]