Re: denial of service attack possible

System Administrator (root@iifeak.swan.ac.uk)
Mon, 30 Oct 1995 20:14:01 +0000

>    The internet draft draft-heavens-problems-rsts-00.txt describes the
> problem in detail.  In short, TCP doesn't handle RSTs correctly during
> the open and close negotiations of a connection.

Heavens' is something else. The fundamental problem is TCP requires that a
sequence space is not reused for 2 minutes (supposed worst case rtt). PAWS
(RFC1331) extends this further by extending the effective sequence space, but
still at the end of the day it comes up because you need infinite sequence space
to never reuse an identifier.

Heavens and also RFC1337 show cases where the protection in TCP is inadequate
and you can get errors in data (in theory).

Alan
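
The sequence-space reuse described in the message above, as an added example that is not part of the original post or of any TCP stack. It models the receive-window test and a PAWS-style timestamp test in 32-bit modular arithmetic; the function names, window size, and segment values are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model for illustration; not taken from any TCP stack. */
#define SEQ_SPACE 4294967296.0   /* 2^32 sequence numbers */
#define REUSE_GUARD_SECS 120.0   /* the 2 minutes named in the post */

/* Receive-window test in modular arithmetic: RCV.NXT <= SEQ < RCV.NXT+WND */
static int seq_in_window(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return (uint32_t)(seq - rcv_nxt) < rcv_wnd;
}

/* PAWS-style test: timestamp must not be older than the last accepted one */
static int paws_ok(uint32_t ts_val, uint32_t ts_recent)
{
    return (int32_t)(ts_val - ts_recent) >= 0;
}

/* Seconds before a sender at this rate starts reusing sequence numbers */
static double wrap_seconds(double bytes_per_sec)
{
    return SEQ_SPACE / bytes_per_sec;
}

/* A segment sent at (seq, ts) is delayed while the connection moves on by
 * bytes_since bytes and ticks_since timestamp ticks. Returns 1 if the
 * receiver would still accept it when it finally arrives. */
static int stale_accepted(uint32_t seq, uint32_t ts, uint64_t bytes_since,
                          uint64_t ticks_since, uint32_t wnd, int use_paws)
{
    uint32_t rcv_nxt = (uint32_t)(seq + bytes_since);   /* wraps mod 2^32 */
    uint32_t ts_recent = (uint32_t)(ts + ticks_since);  /* wraps mod 2^32 */

    if (!seq_in_window(seq, rcv_nxt, wnd))
        return 0;
    return use_paws ? paws_ok(ts, ts_recent) : 1;
}

int main(void)
{
    uint64_t lap = (1ULL << 32) - 100;  /* almost one full trip round the space */

    printf("wrap at 1.25e8 B/s: %.0f s (guard %.0f s)\n", wrap_seconds(1.25e8), REUSE_GUARD_SECS);
    printf("no PAWS, after a lap:    %d\n", stale_accepted(1000, 50, lap, 5000, 65535, 0));
    printf("PAWS, after a lap:       %d\n", stale_accepted(1000, 50, lap, 5000, 65535, 1));
    printf("PAWS, timestamps lapped: %d\n", stale_accepted(1000, 50, lap, (1ULL << 31) + 10, 65535, 1));
    return 0;
}
```

The last case shows the timestamp space is finite too: once it has advanced by more than 2^31 ticks, the stale segment passes the timestamp test again.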