mailing list archives
Re: TCP Resource Exhaustion DoS Attack Speculation
From: "Dave Korn" <dave.korn () artimi com>
Date: Wed, 8 Oct 2008 10:30:35 +0100
Fyodor wrote on 02 October 2008 11:57:
if I figure out or independently discover an issue. There was lots of
speculation on DailyDave about the DNS flaws, and I think I've figured
out this "new" vulnerability. The vague description and symptoms
match those for a DoS tool (Ndos) I wrote and used years ago.
I just posted a detailed description of the problem and its
Interesting idea, but I think that's not it. I think they're leaving the
sockets on the victim in a closing state, either TIME_WAIT or CLOSE_WAIT, and
I think they're manipulating the victim stack to prolong this state to
arbitrary (ridiculously long, maybe years) durations, probably by playing
games with sACKs or maybe PAWS, or by misleading the RTT measurements into
coming out with silly values.
Can't think of a witty .sigline today....
Dailydave mailing list
Dailydave () lists immunitysec com