dugsongMONKEY.ORG

• Next message: Bennett Todd: "Re: OpenSSH Password Question"
• Previous message: Vitaly McLain: "Re: OpenSSH Password Question"
• In reply to: Simple Nomad: "Re: Naptha - New DoS"
• Next in thread: Stephane Aubert: "Re: Naptha - New DoS"
• Next in thread: White Vampire: "Re: Naptha - New DoS"
• Reply: Dug Song: "Re: Naptha - New DoS"
• Reply: Stephane Aubert: "Re: Naptha - New DoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Dec 10, 2000 at 09:14:23AM -0600, Simple Nomad wrote:

> Regarding scut's comment that 3wahas already does this -- the answer
> to that is not exactly. Forging just the TCP packets will work to a
> certain extent, forging the generated arp requests as well will
> cause much more effective and quicker resource depletion.

um, i released a simplified version of my "nakji" tool to do just that
back in April, when Stanislav Shalunov published his "netkill" attack.
state-holding attacks against TCP weren't really news then, and they
certainly aren't news now.

        http://www.deja.com/getdoc.xp?AN=616571925

Stanislav did, however, identify some novel ways to maximize the
impact of such an attack by exploiting exceptionally bad failure
modes, including forcing the remote TCP into an indefinite persist
state with pending data for retransmission on a closed window.

i doubt that "NAPTHA" pulls any new tricks, but i've never seen it.

-d.

---
http://www.monkey.org/~dugsong/

• Next message: Bennett Todd: "Re: OpenSSH Password Question"
• Previous message: Vitaly McLain: "Re: OpenSSH Password Question"
• In reply to: Simple Nomad: "Re: Naptha - New DoS"
• Next in thread: Stephane Aubert: "Re: Naptha - New DoS"
• Next in thread: White Vampire: "Re: Naptha - New DoS"
• Reply: Dug Song: "Re: Naptha - New DoS"
• Reply: Stephane Aubert: "Re: Naptha - New DoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]