On Wed, 1 Oct 2008 15:58:22 +0200 Claudio Jeker <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 01, 2008 at 03:31:00PM +0200, Stephan A. Rickauer wrote:
> > On Wed, 2008-10-01 at 14:52 +0200, Leon Dippenaar wrote:
> > > Hi there,
> > >
> > > is there any weight to this new story on slashdot
> > > http://it.slashdot.org/it/08/10/01/0127245.shtml
> > >
> > > about a new attacker possible to break any tcp stack? Sounds rather
> > > shady, so here I am, perhaps you guys have your ears closer to the ground
> >
> > A little bit less vague info can be found here
> >
> > http://tinyurl.com/3hv3kf
> >
>
> This article is mostly about exploiting SYN cookies to bring servers into
> resource starvation. OpenBSD does not implement SYN cookies. We have a SYN
> cache with an upper limit of open handshakes. Together with random initial
> sequence numbers it is hard to finish the 3-way handshake without getting
> the SYN/ACK from the server on OpenBSD systems.
>

It seems to me the "problem" is with SYN cookies.

Dhu

> I'm not too concerned about this "fundamental problem with TCP" but as
> usual the mentioned article is less informative than the back side of my
> breakfast cereals box.
> --
> :wq Claudio
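
The bounded SYN cache and random initial sequence numbers described in the quoted reply, sketched as an added example that is not part of the original thread and not OpenBSD's code. The names, the limit of 4, the sample addresses and the choice to refuse new entries at the limit are assumptions made for the illustration.

```c
/* Simplified model of a bounded SYN cache (constructed; not OpenBSD source). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SYN_CACHE_LIMIT 4            /* assumed tiny limit, for the demo only */
struct syn_entry { uint32_t ip; uint16_t port; uint32_t iss; int used; };
static struct syn_entry cache[SYN_CACHE_LIMIT];

/* Unpredictable 32-bit initial sequence number. */
static uint32_t random32(void) {
    uint32_t v;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&v, sizeof v, 1, f) != 1)
        abort();                     /* never fall back to a guessable ISN */
    fclose(f);
    return v;
}

/* SYN received: keep half-open state. Returns 0 when the cache is full. */
int on_syn(uint32_t ip, uint16_t port, uint32_t *iss_out) {
    for (int i = 0; i < SYN_CACHE_LIMIT; i++) {
        if (cache[i].used) continue;
        cache[i] = (struct syn_entry){ ip, port, random32(), 1 };
        *iss_out = cache[i].iss;     /* sent to the client in the SYN/ACK */
        return 1;
    }
    return 0;                        /* limit reached: state stays bounded */
}

/* Final ACK: completes only if it acknowledges the stored ISS + 1. */
int on_ack(uint32_t ip, uint16_t port, uint32_t ack) {
    for (int i = 0; i < SYN_CACHE_LIMIT; i++) {
        struct syn_entry *e = &cache[i];
        if (!e->used || e->ip != ip || e->port != port) continue;
        if (ack != e->iss + 1) return 0;   /* sender never saw the SYN/ACK */
        e->used = 0;                 /* handshake done, slot freed */
        return 1;
    }
    return 0;                        /* no half-open entry for this peer */
}

int main(void) {
    uint32_t iss;
    if (!on_syn(0x0a000001, 40000, &iss)) return 1;
    printf("wrong ACK accepted:   %d\n", on_ack(0x0a000001, 40000, iss + 2));
    printf("correct ACK accepted: %d\n", on_ack(0x0a000001, 40000, iss + 1));
    return 0;
}
```

Because the server keeps the sequence number in its own table, an ACK is only checked against stored state, and the table size caps how much memory half-open connections can consume.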

