From: Fernando Gont (fernandogont.com.ar)
Date: Wed Oct 01 2008 - 11:26:06 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 12:41 p.m. 01/10/2008, Duncan Patton a Campbell wrote:

> > This is simply the naphta attack. They don't really need to "use syn
> > cookies". They could simply ACK any SYN/ACK they receive, and that's it.
> >
>
>The impression I got is that they collect enough SYN cookies from
>the server to crack the server's secret (24bit) and THEN they can
>forge any number of acks to the server's syn cookie that contain
>bogus ip/ports but with the correct sequence/hash. If this is not
>the case then it is nothing new.

According to a podcast I listened to, this is not what they try to
do. And even then, brute force attacks against SYN cookies have
already been discussed in the past. (although I agree that it usually
requires hard googling to spot the right documentation)

Kind regards,

--
Fernando Gont
e-mail: fernandogont.com.ar || fgontacm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]