Posted by The Natural Philosopher on 01/23/08 10:11
Baho Utot wrote:
> Willem Bogaerts wrote:
>
> [putolin]
>
>> What I mean is, could you send a stream of packages (even if a lot of
>> them are junked), such that some of them will always respond to the
>> server? I don't know how many possibilities or how much time this would
>> take, but I am just trying to see if the anonymous injection attack
>> mentioned earlier could work.
>>
>> Instead of:
>>> Client --- Host
>>> SYN -->
>>> <-- SYN+ACK
>>> ACK -->
>> Would it be possible to do:
>> Client --- Host
>> SYN -->
>> (pause)
>> ACK -->
>> In other words, a "brute force ACKing"?
>>
>> Just curious,
>
> There is a "state machine" for every connection.
> For a detailed description on the state machine refer to RFC 793.
> TCP connections are in the CLOSED state (the default).
> TCP connections require the SYN+ACK from the "other end".
> You have 75 seconds to complete the TCP handshake, otherwise the "opening
> connection" is tossed.
>
> Your ACK would simply be tossed on the receiving side.
>
> If you send a batch of SYN packets in less than 75 seconds the "TCP state
> machine" for the host may become "full" and it will ignore any more SYN
> attempts. Your classic denial-of-service attack.
>
It's no use quoting facts at Jerry.
Like god, he is right, by *definition*. ;-)
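
The listener behaviour described in the quoted reply, as an added example that is not part of the original thread: a toy Python model of the server's half-open queue, showing why an ACK sent without seeing the SYN+ACK is tossed and why a burst of SYNs fills the queue until the 75-second timer frees it. The `Listener` class, the backlog of 4 and the sample addresses are assumptions made for illustration, and the model tosses a bad ACK silently as the post says, where RFC 793 itself answers with a reset.

```python
import secrets

HANDSHAKE_TIMEOUT = 75  # seconds; the figure quoted in the post
MOD = 2**32             # TCP sequence numbers are 32-bit

class Listener:
    """Toy server side of the three-way handshake (not a real TCP stack)."""
    def __init__(self, backlog=4):          # backlog size is an assumed value
        self.backlog = backlog
        self.half_open = {}                 # peer -> (server_isn, client_isn, deadline)
        self.established = set()

    def _expire(self, now):
        for peer in [p for p, e in self.half_open.items() if e[2] <= now]:
            del self.half_open[peer]        # handshake not completed in time

    def on_syn(self, peer, client_isn, now):
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            return None                     # queue full: SYN ignored
        server_isn = secrets.randbits(32)   # unpredictable initial sequence number
        self.half_open[peer] = (server_isn, client_isn, now + HANDSHAKE_TIMEOUT)
        return server_isn                   # travels in the SYN+ACK, to `peer` only

    def on_ack(self, peer, seq, ack, now):
        self._expire(now)
        entry = self.half_open.get(peer)
        if entry is None:
            return "tossed: no handshake in progress"
        server_isn, client_isn, _ = entry
        if seq != (client_isn + 1) % MOD or ack != (server_isn + 1) % MOD:
            return "tossed: wrong sequence/ack number"
        del self.half_open[peer]
        self.established.add(peer)
        return "established"

def demo():
    srv, out = Listener(), {}
    peer = ("192.0.2.10", 40000)            # constructed sample address
    out["no_syn"] = srv.on_ack(peer, 1001, 12345, now=0)
    isn = srv.on_syn(peer, 1000, now=0)
    # A sender that never saw the SYN+ACK must guess; this guess is wrong by design.
    out["blind"] = srv.on_ack(peer, 1001, (isn + 2) % MOD, now=1)
    out["real"] = srv.on_ack(peer, 1001, (isn + 1) % MOD, now=2)
    burst = [srv.on_syn(("198.51.100.%d" % i, 1024), i, now=10) for i in range(6)]
    out["accepted"] = sum(s is not None for s in burst)
    out["during"] = srv.on_syn(("192.0.2.20", 5000), 7, now=20)
    out["after"] = srv.on_syn(("192.0.2.20", 5000), 7, now=10 + HANDSHAKE_TIMEOUT)
    return out

if __name__ == "__main__":
    print(demo())
```

Real stacks add defences the model leaves out, such as SYN cookies, which avoid holding per-connection state until the final ACK arrives.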