Vulnerability Development
mailing list archives
Re: Naptha - New DoS
From: rpc <h () ckz org>
Date: Fri, 8 Dec 2000 09:14:50 GMT
On Fri, 8 Dec 2000 02:44:23 -0500, White Vampire said:
> On Thu, Dec 07, 2000 at 06:49:12PM +0100, Carl-Johan Bostorp(ctor () krixor xy org) wrote:
> > Hmm.. Maybe I didn't read it close enough, but isn't what it does that it
> > just opens a bunch of TCP connections w/o keeping a local state?? ... The
> > only new thing I see is that it's been implemented and publicized.. But it
> > doesn't really matter..
> It involves some 'spoofing' too, so to speak. So the
> originating host does not complete the handshake, thus not being
> affected.
On reading the Razor advisory, it seems the attack involves spoofing as well as
sniffing.
There is a daemon running on a machine on the same LAN as the victim, which
listens for the spoofed SYN packets, and the SYN/ACK reply from the victim.
The sniffing daemon then forges the last ACK of the handshake, from the spoof
to the victim. Thus the victim thinks the TCP connection is ESTABLISHED and
legitimate. Repeat.
> Regardless, I am not really sure what the problem is. So what
> if it is an old concept. So what if it has been discussed to death. Is
> this not worth fixing? This is /not/ a good thing.
> > I never mentioned inetd. Use xinetd as wrapper for other daemons like ssh
> > and you no longer have to worry about ssh being attacked.
> Ah, my error.
> Regards,
> --
>  __ ______ ____
> / \ / \ \ / / White Vampire\Rem
> \ \/\/ /\ Y / http://www.gammagear.com/ (Gear for the BOFH!)
>  \ / \ / http://www.webfringe.com/
>  \__/\ / \___/ http://www.gammaforce.org/
>  \/ "Silly hacker, root is for administrators."
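The exchange rpc describes (spoofed SYN, victim's SYN/ACK, a forged final ACK sent on the spoofed host's behalf) can be modelled from the victim's side to show why the attack costs the victim a full connection slot while the sender keeps no state. The following is an added example written for this archive page; it is not code from the original post, from the Razor advisory, or from the Naptha tool. It uses plain Python data structures only (no packets are sent), and the class names, the `max_established` limit, the constructed source addresses and the idle-timeout heuristic are all assumptions made for illustration:

```python
from dataclasses import dataclass


@dataclass
class Conn:
    state: str               # "SYN_RECEIVED" or "ESTABLISHED"
    bytes_received: int = 0  # payload bytes seen after the handshake
    idle_seconds: int = 0    # time since the last segment from the peer


class VictimListener:
    """Victim-side view of the handshake only. It cannot tell whether the
    peer that sent the final ACK holds any TCP state of its own."""

    def __init__(self, max_established=4):
        self.max_established = max_established  # assumed accept-queue size
        self.conns = {}  # (src_ip, src_port) -> Conn

    def on_syn(self, src):
        self.conns[src] = Conn("SYN_RECEIVED")
        return "SYN/ACK"

    def on_ack(self, src):
        c = self.conns.get(src)
        if c is None or c.state != "SYN_RECEIVED":
            return "RST"  # no half-open entry to complete
        if self.established_count() >= self.max_established:
            del self.conns[src]
            return "RST"  # slots exhausted: this is what a real client sees
        c.state = "ESTABLISHED"
        return "ESTABLISHED"

    def established_count(self):
        return sum(1 for c in self.conns.values() if c.state == "ESTABLISHED")

    def tick(self, seconds):
        for c in self.conns.values():
            c.idle_seconds += seconds


def handshake_exhaustion(n_spoofed, max_established=4):
    """Replay the exchange from the thread: each spoofed source sends SYN,
    the victim answers SYN/ACK, and an ACK arrives on the source's behalf.
    Returns (established slots used, result for a real client afterwards)."""
    v = VictimListener(max_established)
    for i in range(n_spoofed):
        src = (f"10.0.0.{i + 1}", 40000 + i)  # constructed spoofed sources
        v.on_syn(src)
        v.on_ack(src)
    legit = ("192.0.2.10", 51000)  # constructed legitimate client
    v.on_syn(legit)
    return v.established_count(), v.on_ack(legit)


def silent_established(conns, min_idle=30):
    """Detection heuristic (an assumption, not from the advisory): entries
    that completed the handshake, sent no data, and have sat idle."""
    return [src for src, c in conns.items()
            if c.state == "ESTABLISHED" and c.bytes_received == 0
            and c.idle_seconds >= min_idle]


def reap_silent(listener, min_idle=30):
    """Mitigation: an application-level idle timeout returns the slots.
    Returns the number of connections closed."""
    stale = silent_established(listener.conns, min_idle)
    for src in stale:
        del listener.conns[src]
    return len(stale)


if __name__ == "__main__":
    print(handshake_exhaustion(3))  # real client still gets through
    print(handshake_exhaustion(4))  # slots full, real client gets RST
```

The point of the model is the asymmetry: `VictimListener` has no way to verify that the ACK came from a host that actually holds a socket, so every forged handshake is indistinguishable from a real one until the connection fails to carry data. That is why the only defender-side signal in this simplified view is the idle, zero-byte ESTABLISHED entry, and why an idle timeout at the service (rather than anything in the handshake itself) is what frees the slots.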