Posted by Baho Utot on 01/22/08 23:01
Willem Bogaerts wrote:
[putolin]
> What I mean is, could you send a stream of packages (even if a lot of
> them are junked), such that some of them will always respond to the
> server? I don't know how many possibilities or how much time this would
> take, but I am just trying to see if the anonymous injection attack
> mentioned earlier could work.
>
> Instead of:
>> Client --- Host
>> SYN -->
>> <-- SYN+ACK
>> ACK -->
> Would it be possible to do:
> Client --- Host
> SYN -->
> (pause)
> ACK -->
> In other words, a "brute force ACKing"?
>
> Just curious,
There is a "state machine" for every connection.
For a detailed description on the state machine refer to RFC 793.
TCP connections are in the CLOSED state (the default).
TCP connections require the SYN+ACK from the "other end".
You have 75 seconds to complete the TCP handshake, otherwise the "opening
connection" is tossed.
Your ACK would simply be tossed on the receiving side.
If you send a batch of SYN packets in less than 75 seconds the "TCP state
machine" for the host may become "full" and it will ignore any more SYN
attempts. Your classic denial-of-service attack.
--
Dancin in the ruins tonight
Tayo'y Mga Pinoy
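
An added example, not part of the original post: a toy Python model of the listening host's half-open connection table, showing why an ACK that does not acknowledge the host's own SYN+ACK opens nothing, and how the table fills and then frees up after the timeout. The `Listener` class, its `backlog` size and the peer addresses are constructed for illustration; the 75-second timeout is the figure from the post.

```python
import secrets

HANDSHAKE_TIMEOUT = 75   # seconds, the figure given in the post
MOD = 2**32              # TCP sequence numbers are 32-bit

class Listener:
    """Toy model of the server side of the handshake (hypothetical, not a real stack)."""
    def __init__(self, backlog=4):
        self.backlog = backlog
        self.half_open = {}      # (ip, port) -> (server ISN, time the SYN arrived)
        self.established = set()

    def _expire(self, now):
        # Drop half-open entries whose handshake was not completed in time.
        for peer, (_, t0) in list(self.half_open.items()):
            if now - t0 >= HANDSHAKE_TIMEOUT:
                del self.half_open[peer]

    def on_syn(self, peer, now):
        self._expire(now)
        if peer in self.half_open:
            return "SYN+ACK"     # retransmitted SYN: same entry, same ISN
        if len(self.half_open) >= self.backlog:
            return "DROP"        # table full: further SYNs are ignored
        self.half_open[peer] = (secrets.randbelow(MOD), now)
        return "SYN+ACK"         # goes to the peer's address; only that host learns the ISN

    def on_ack(self, peer, ack_no, now):
        self._expire(now)
        entry = self.half_open.get(peer)
        if entry is None:
            return "REJECTED"    # no SYN seen from this peer (RFC 793 answers with a reset)
        isn, _ = entry
        if ack_no != (isn + 1) % MOD:
            return "REJECTED"    # does not acknowledge our SYN+ACK
        del self.half_open[peer]
        self.established.add(peer)
        return "ESTABLISHED"

def demo():
    srv = Listener(backlog=2)
    a, b, c, d = [("198.51.100.%d" % i, 40000 + i) for i in range(1, 5)]  # constructed peers
    out = [srv.on_syn(a, 0)]
    isn_a = srv.half_open[a][0]
    out.append(srv.on_ack(a, (isn_a + 2) % MOD, 1))   # ACK sent without seeing the SYN+ACK
    out.append(srv.on_ack(a, (isn_a + 1) % MOD, 2))   # client that received the SYN+ACK
    out += [srv.on_syn(b, 3), srv.on_syn(c, 4), srv.on_syn(d, 5)]  # third SYN meets a full table
    out.append(srv.on_syn(d, 3 + HANDSHAKE_TIMEOUT))  # b's entry has timed out by now
    return out
```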