I haven't tried this on Linux..... I guess nobody cares about having zombie sessions on their machine.... Have to come up with a proof of concept attacks.
Regards, Leonard Ong Network Security Specialist, APAC NOKIA Email. [EMAIL PROTECTED] Mobile. +65 9431 6184 Phone. +65 6723 1724 Fax. +65 6723 1596 -----Original Message----- From: ext [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, November 16, 2002 7:21 PM To: [EMAIL PROTECTED] Subject: Re: Yahoo Messenger Stale Sessions On Wed, Nov 13, 2002 at 01:50:49PM +0800, [EMAIL PROTECTED] wrote: hi, As you mentioned if the OS has to perform cleanup and if Windows(I am assuming you are working on windows) does not do that then is this a flaw with the TCP/IP stack implementation of Windows ? How does it happen in Linux ? Any idea.. thx phani > Hi, > > Yet, the OS should perform cleanup by implementing a tcp timeout ( default 3600 >seconds ). There are many protocols that doesn't send a FIN packet, yet they manage >to terminate the session. > > > Regards, > Leonard Ong > Network Security Specialist, APAC > NOKIA > > Email. [EMAIL PROTECTED] > Mobile. +65 9431 6184 > Phone. +65 6723 1724 > Fax. +65 6723 1596 > > > Hmm, I'm not an expert in this, but I do realize if the 4-way handshake for > terminating a connection is not done properly, e.g. the user switched off > his dial-up modem abruptly, it would cause the "stale/zombie" sessions > described as above. The dial-up machine will not have the opportunity to > send the FIN to your machine. > > You probably need to know the sequence number, source port, destination port > as well as source IP and destination IP (which you should know). > > >
