| To: | Chris Friesen <cfriesen@xxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: tcp vulnerability? haven't seen anything on it here... |
| From: | alex@xxxxxxxxxxxx |
| Date: | Thu, 22 Apr 2004 11:47:15 -0400 (EDT) |
| Cc: | linux-kernel@xxxxxxxxxxxxxxx, <netdev@xxxxxxxxxxx> |
| In-reply-to: | <4087E7FB.7000400@nortelnetworks.com> |
| Sender: | netdev-bounce@xxxxxxxxxxx |

On Thu, 22 Apr 2004, Chris Friesen wrote:

> alex@xxxxxxxxxxxx wrote:
>
> > Nevertheless, number of packets to kill the session is still *large*
> > (under "best-case" for attacker, you need to send 2^30 packets)...
>
> I thought the whole point of this vulnerability was that you "only"
> needed to send 64K packets, not 2^30.

64k packets if rwin is 64k and if you know ports on both sides. If rwin is 16k (default on many routers) and you need to scan all ephemeral ports, it's 256k packets * number of ephemeral ports. One router vendor has 4000 ephemeral ports maximum, resulting in 256k*4000 = ~1 billion packets.

-alex