At 12:41 p.m. 01/10/2008, Duncan Patton a Campbell wrote:
> This is simply the naphta attack. They don't really need to "use syn > cookies". They could simply ACK any SYN/ACK they receive, and that's it. > The impression I got is that they collect enough SYN cookies from the server to crack the server's secret (24bit) and THEN they can forge any number of acks to the server's syn cookie that contain bogus ip/ports but with the correct sequence/hash. If this is not the case then it is nothing new.
According to a podcast I listened to, this is not what they try to do. And even then, brute force attacks against SYN cookies have already been discussed in the past. (although I agree that it usually requires hard googling to spot the right documentation)
Kind regards, -- Fernando Gont e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED] PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
