On Oct 6, 2008, at 8:12 AM, Fyodor wrote:
> Even if the four bytes you are squirreling away in the ISN were
> essential, it seems like a stretch to describe that storage issue as
> "why Full Connection Flooding isn't more popular". You've mentioned
> in the podcast that your attacks tend to require 10-40 packets per
> second. At four bytes stored per packet, that is up to 160 bytes per
> second, or 14 megabytes per day-long attack. My cell phone can easily
> store that. And if you need to send packets so quickly that the
> required state is overwhelming, it isn't a low-bandwidth attack
> anymore and you might as well be doing a simple packet flood instead.

Those slides cover most things we thought someone might need to know
to build up to what we're actually doing. Those slides don't actually
describe any of the vulnerabilities that we're alarmed about.

> Also, I'm sorry if it sounds like I'm attacking you specifically, but
> we've seen many cases of this "partial disclosure" nonsense lately,
> and they all seem to lead to the "out of control barrage of fear
> mongering" you describe. So I finally decided to put my foot down and
> have my say. Even if nobody listens to me, I feel better for having
> said it :).

:). We're all entitled to our opinions. I respectfully remind you
that you are missing or forgetting important behind-the-scenes details
of how we got to this point, but we're here now either way.

As long as the vendors are working with us, we see no compelling
reason to appease the internet security research community as a whole
with full disclosure details. That doesn't help anyone at this point,
so the "put up or shut up" line of reasoning comes off as silly.

That said, we are under no contractual obligation to withhold
details. If you really believe you can make a difference fixing the
problems, then I would encourage you to contact me or cert-fi and join
that effort.

Robert
--
Robert E. Lee
Chief Security Officer
Outpost24 - One Step Ahead
http://www.outpost24.com
SE Phone: +46-8-559-21231
US Phone: +1 801-542-9292
email: robert_at_outpost24.com
http://blog.robertlee.name
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Oct 06 2008