Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: PIX DMZ Denial of Service - TCP Resets
From: Guido.vanRooij () NL ORIGIN-IT COM (Guido van Rooij)
Date: Mon, 27 Mar 2000 13:57:43 +0200


On Wed, Mar 22, 2000 at 02:25:16AM +1100, Darren Reed wrote:

The general gist of this problem is poorly implemented TCP connection
state tracking.  You *must* track window sizes and sequence numbers
and acknowledgments to at least reduce the chance of any given TCP
packet from "outside" actually being part of that connection.


The current implementation of this in IPfilter will be covered in
a paper that is due for SANE2000 (http://www.nluug.nl/events/sane2000/).

The submitted paper can be found at
http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz

Comments are welcome!

-Guido


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]