Home page logo
/

basics logo Security Basics mailing list archives

RE: Yahoo Messenger Stale Sessions
From: <Leonard.Ong () nokia com>
Date: Mon, 18 Nov 2002 11:57:06 +0800

I haven't tried this on Linux.....
I guess nobody cares about having zombie sessions on their machine.... Have to come up with a proof of concept attacks.


Regards,
Leonard Ong
Network Security Specialist, APAC
NOKIA

Email.  Leonard.Ong () nokia com
Mobile. +65 9431 6184
Phone.  +65 6723 1724
Fax.    +65 6723 1596



-----Original Message-----
From: ext phani () myrealbox com [mailto:phani () myrealbox com]
Sent: Saturday, November 16, 2002 7:21 PM
To: security-basics () securityfocus com
Subject: Re: Yahoo Messenger Stale Sessions


On Wed, Nov 13, 2002 at 01:50:49PM +0800, Leonard.Ong () nokia com wrote:
hi,
  As you mentioned if the OS has to perform cleanup and if Windows(I am assuming you are working on windows) does not 
do that then is this a flaw with the TCP/IP stack implementation of Windows ? How does it happen in Linux ? Any idea..
thx
phani


Hi,

Yet, the OS should perform cleanup by implementing a tcp timeout ( default 3600 seconds ).  There are many protocols 
that doesn't send a FIN packet, yet they manage to terminate the session.


Regards,
Leonard Ong
Network Security Specialist, APAC
NOKIA

Email.  Leonard.Ong () nokia com
Mobile. +65 9431 6184
Phone.  +65 6723 1724
Fax.    +65 6723 1596


Hmm, I'm not an expert in this, but I do realize if the 4-way handshake for
terminating a connection is not done properly, e.g. the user switched off
his dial-up modem abruptly, it would cause the "stale/zombie" sessions
described as above. The dial-up machine will not have the opportunity to
send the FIN to your machine.

You probably need to know the sequence number, source port, destination port
as well as source IP and destination IP (which you should know).





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault