The OpenNET Project


RFC-1644 (fwd)


X-RDate: Tue, 07 Apr 1998 08:30:52 +0600 (ESD)
Date: Mon, 6 Apr 1998 10:30:55 -0500
From: Aleph One <aleph1@DFW.NET.>
To: BUGTRAQ@NETSPACE.ORG
Subject: RFC-1644 (fwd)

---------- Forwarded message ----------
Date: Sat, 4 Apr 1998 19:21:58 +0600 (ESS)
From: Vasim Valejev <vasim@diaspro.com.>
To: freebsd-security@FreeBSD.ORG
Subject: RFC-1644

Hi !

Transactions-TCP (RFC-1644) in FreeBSD (and other systems) can cause
 problems for security:

1. New variant of SYN-flood attack. Someone can send many T/TCP
 packets with a fake originating address (any unreachable address) and
 overload (possibly causing Denial-of-Service) the victim's server (for example,
 many T/TCP requests to telnet/ftp/http/etc. daemons).

2. Attack on r*-services (rshd/rlogind without Kerberos authentication).
 A hacker can send T/TCP requests with an originating address from the /etc/hosts.equiv or
 .rhosts files. In some cases (the computer with the address from the hacker's request
 can't send a TCP RST packet in time) it is possible to run commands on the attacked
 target. My experiments show that an attacker just needs a 10-50 ms delay between
 the victim sending the SYN-ACK packet and receiving the RST packet from the trusted computer
 (it depends on the rshd/rlogind algorithm, the location of the DNS server with the reverse zone,
 etc.). This attack can be used on other TCP services with authentication
 based on IP address.

RFC-1644 must die :(. My English too (*sigh*). Just do
 'sysctl -w net.inet.tcp.rfc1644=0' and forget about it :).

Vasim V. (2:5011/27 http://members.tripod.com/~Vasim VV86-RIPE)
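
Added example, not part of the original post: a detection-side check that parses a raw TCP segment and flags an initial SYN carrying both a T/TCP connection-count option and data, which is the traffic pattern both points above rely on. The option kinds 11, 12 and 13 are the ones RFC 1644 assigns to CC, CC.NEW and CC.ECHO; the function names, ports and sample segments are constructed for illustration.

```python
import struct

# TCP option kinds assigned to T/TCP by RFC 1644.
TTCP_KINDS = {11: "CC", 12: "CC.NEW", 13: "CC.ECHO"}
SYN, ACK = 0x02, 0x10

def parse_options(raw):
    """Walk the TCP option list, returning (kind, value_bytes) pairs."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                 # End of option list
            break
        if kind == 1:                 # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(raw):         # kind byte with no length byte
            break
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            break                     # malformed length: stop, never loop
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts

def inspect_segment(segment):
    """Return T/TCP indicators for one raw TCP segment (header + payload)."""
    if len(segment) < 20:
        return None
    off_flags = struct.unpack("!H", segment[12:14])[0]
    hdr_len = (off_flags >> 12) * 4
    if hdr_len < 20 or hdr_len > len(segment):
        return None
    flags = off_flags & 0x3F
    names = [TTCP_KINDS[k] for k, _ in parse_options(segment[20:hdr_len]) if k in TTCP_KINDS]
    payload = len(segment) - hdr_len
    initial_syn = bool(flags & SYN) and not flags & ACK
    # A first SYN with a CC option and data is a T/TCP request: RFC 1644 lets
    # the server accept such data without completing the three-way handshake.
    return {"ttcp_options": names, "payload_len": payload,
            "ttcp_request": initial_syn and bool(names) and payload > 0}

def build_segment(flags, options=b"", payload=b""):
    """Constructed sample data: a minimal TCP segment (checksum left zero)."""
    options += b"\x01" * (-len(options) % 4)       # NOP-pad to a 32-bit boundary
    off_flags = (((20 + len(options)) // 4) << 12) | flags
    hdr = struct.pack("!HHIIHHHH", 40000, 514, 1, 0, off_flags, 8192, 0, 0)
    return hdr + options + payload
```

On a host where the sysctl from the message has been set to 0, segments for which `ttcp_request` is true are worth logging at the perimeter, since no local service should be answering them as transactions.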





Created 1996-2024 by Maxim Chirkov