|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Todd Heberlein (todd_heberlein_at_mac.com)
Date: Tue Jan 28 2003 - 17:24:32 CST
On Tuesday, January 28, 2003, at 08:31 AM, Garbrecht, Frederick wrote:
> ummmm, just a technical quibble, but a TCP reset wouldn't work with the
> Sapphire worm because it propagates using UDP as transport, not
> TCP.....
It is just a minor quibble because the point is that the attack was
completely contained in a single packet. The same would have held true
if it was over a TCP/IP connection. Once the attack has been
completed, a TCP RST would provide no value. It is the proverbial
closing the barn doors after the horse is already out.
RST is largely a marketing solution, not a technical solution.
Todd
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]