Re: New tcp stack attack

From: Peter J. Philipp (pjpsolarscale.de)
Date: Wed Oct 01 2008 - 11:56:43 CDT


Fernando Gont wrote:
> According to a podcast I listened to, this is not what they try to do.
> And even then, brute force attacks against SYN cookies have already
> been discussed in the past. (although I agree that it usually requires
> hard googling to spot the right documentation)
>
> Kind regards,
>
> --
> Fernando Gont
> e-mail: fernandogont.com.ar || fgontacm.org
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>

I listened to the podcast and got the idea that the socket is in
ESTABLISHED state (so after the 3-way handshake) and they mention that
a packet's PCB resources have timers, and that is what they exploit.
Perhaps you establish the session and send an HTTP request (pretend
it's HTTP) and never ACK the answer that gets repeated based on the
internal timers. It seemed to me they say that some stop repeating
their content and just die.

-p