Re: the next generation of nuke.c

Timothy Newsham (newsham@aloha.net)
Fri, 27 Jan 1995 16:12:38 -1000 (HST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Pete Shipley: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Previous message: Scott Chasin: "BOUNCE TEST"
In reply to: smb@research.att.com: "Re: the next generation of nuke.c"
Next in thread: smb@research.att.com: "Re: the next generation of nuke.c"

> That said, the attack you cite is harder to carry out than you think.
> It's easy to guess the next starting sequence number for a connection;
> it's much harder to know what the sequence number status is of an existing
> connection unless you're sniffing the wire.  You'd also have to know
> what the client's port number was; again, without sniffing the wire, that's
> hard to come by, unless one of the two sites has an overly-cooperative
> SNMP server.

also worth pointing out that if you have the source and dest address
and port number you can send out a proper icmp unreachable packet 
(as opposed to the obviously fake ones nuke sends out).

                                   Tim N.

Next message: Pete Shipley: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Previous message: Scott Chasin: "BOUNCE TEST"
In reply to: smb@research.att.com: "Re: the next generation of nuke.c"
Next in thread: smb@research.att.com: "Re: the next generation of nuke.c"