Security Basics mailing list archives

Re: SSL and TCP RST/SYN attack


From: krymson () gmail com
Date: Thu, 24 Sep 2009 07:31:53 -0600

It would be more accurate to say this is intrinsic to TCP in general. However, this is not an unknown situation. If you 
can see the TCP SYN packet fly by, you can spoof a TCP RST packet back. If you're in a MITM position, you'll always win 
that race.

Plenty of web filtering products use this TCP RST method to stop users from getting to blacklisted sites.

Now, if you're talking about sending TCP RSTs to someone you're not MITMing (sniffing), then you'll have to guess the 
TCP sequence number. This isn't likely to succeed and you're more likely to DoS the target before resetting a specific 
connection.

From the bank's perspective, this isn't an issue since there's nothing they can do about it.

From the user's issue, they're probably going to have bigger problems with an attacker MITMing them than simply being 
denied access to their bank site. But, again, there's not much to do about it other than working only on a trusted 
network. Going deeper into geekdom, they may want to just make sure they're using a platform that properly randomizes 
their TCP sequence numbers...


<- snip ->

Hi all:
I would like to ask a question about SSL. Consider the situation that
a man in the middle. Because he can always fake TCP RST/SYN packet, so
he can always block the client to get service from the https server.

So can I say that this is an intrinsic vulnerability in SSL, as
considering the situation that the attacker is in the same LAN with
the client, the attacker can always block the client to reach his
server (say on-line banking)?

Thanks
David
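
Added example (not part of the original post or thread): the reply's point that a sender who cannot see the connection must guess the TCP sequence number, shown as the receiver-side RST check specified in RFC 5961 section 3.2. The function names and the connection values (`rcv_nxt`, `rcv_wnd`) are constructed for illustration, and the strict exact-match rule goes beyond what the post itself describes.

```python
# Added example: how a receiver in a synchronized state validates an
# incoming RST (RFC 5961 section 3.2). All values are constructed.
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq is acceptable: inside [rcv_nxt, rcv_nxt + rcv_wnd) mod 2**32."""
    if rcv_wnd == 0:
        return seq == rcv_nxt  # zero window: only the next expected byte
    return (seq - rcv_nxt) % MOD < rcv_wnd


def classify_rst(seq, rcv_nxt, rcv_wnd):
    """Return what the receiver does with a RST carrying sequence number seq."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "discard"        # outside the window: silently dropped
    if seq == rcv_nxt:
        return "reset"          # exact match: the connection is torn down
    return "challenge_ack"      # in window but inexact: ACK sent, connection kept


def accepted_fraction(rcv_wnd, strict):
    """Share of the 2**32 sequence space for which a guessed RST resets the
    connection: one value under the strict rule, the whole receive window
    under the older in-window rule."""
    accepted = 1 if strict else max(rcv_wnd, 1)
    return accepted / MOD


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 65535  # constructed state near wrap-around
    for seq in (0xFFFFFF00, 0x00000010, 0x7FFFFFFF):
        print(f"seq={seq:#010x} -> {classify_rst(seq, rcv_nxt, rcv_wnd)}")
    print("in-window rule:", accepted_fraction(rcv_wnd, strict=False))
    print("exact-match rule:", accepted_fraction(rcv_wnd, strict=True))
```

This check only constrains a sender who has to guess. Someone who can see the segments knows `rcv_nxt` exactly, which is the MITM case the reply says always wins the race.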
