|
Nmap Development
mailing list archives
Re: TCP Resource Exhaustion Attacks
From: doug () hcsw org
Date: Thu, 2 Oct 2008 13:55:05 -0700
Hi all,
I initially discounted this as a hoax because of the following
news article:
http://www.darkreading.com/blog.asp?blog_sectionid=403&doc_id=164939&WT.svl=tease2_2
"""
Robert and I talk a lot, and I asked him if he'd be willing to
DoS us, and he flatly said, "Unfortunately, it may affect other
devices between here and there so it's not really a good idea."
"""
Along with the info that this attack targets TCP stacks, this
sounds very suspect to me. Except for possibly TCP-level
filters at the end-points or wasted network bandwidth,
I fail to see how an attack against TCP stacks could affect
devices in between.
Maybe this is a case of journalists twisting his words. It's
hard to tell with so little info and I look forward to reading
the report in full.
No idea if it is related or not, but there was a presentation
about a new class of DoS attacks at CanSecWest 2007 that I
found interesting and scary:
V. Anil Kumar - National Aerospace Laboratories, Bangalore
Low-Rate Denial-of-Service attacks
It involves initiating a large file transfer using a modified
TCP stack that sends ACK packets before it receives data.
The objective is to saturate the target's upstream bandwidth
by sending very few packets yourself.
Doug
Attachment:
signature.asc
Description: Digital signature
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
|
Intro
