|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: mb_lima (mb_lima_at_uol.com.br)
Date: Tue Jan 28 2003 - 12:19:49 CST
I think that the network infrastrucure can result in TCP
retransmissions in the handshake phase increasing delay in
connections establishment. TCP resets work fine in this case.
I saw many colisions my router because it had a 2Mb Interface
with Internet and 100Mb interfaces with internal network.
Regards,
Marcelo.
> Why not? Packets travel quickly even on small pipes...
> If a block takes 3 seconds to implement, how many packets
> will have gone by, even on a small link? It has been a
> long time since I saw a link that couldn't handle enough
> packets per second to get a nasty backdoor loaded in less
> than 3 seconds..
>
> toby
>
> > -----Original Message-----
> > From: mb_lima [mailto:mb_lima
uol.com.br]
> > Sent: Tuesday, January 28, 2003 8:39 AM
> > To: FGarbrechtecogchair.org
> > Cc: Kohlenberg, Toby; RLosenteredge.com; detmar.liesenld
s.nrw.de;
> > abegetchellqx.net; focus-idssecurityfocus.com
> > Subject: RE: Active response... some thoughts.
> >
> >
> >
> > Toby,
> >
> > > Actually, TCP resets don't work in many cases-
> > for instance any
> > > situation where you have a single packet exploit (say th
e Sa
> > phire
> > > worm that just ran through the Net)... This is the same
prob
> > lem
> > > that router/firewall reconfiguration has-
> > by the time the response
> > > happens, the compromise is done.
> >
> > I agree with you, but I think that in low bandiwith link
s
> > this is not a problem.
> >
> > Marcelo.
> >
> >
> > ---
> > UOL, o melhor da Internet
> > http://www.uol.com.br/
> >
>
--- UOL, o melhor da Internet http://www.uol.com.br/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]