Date: Fri, 12 Dec 2003 12:14:44 -0500
From: Barney Wolff <barney@...abus.com>
To: Michal Zalewski <lcamtuf@...ttot.org>
Cc: bugtraq@...urityfocus.com, full-disclosure@...sys.com
Subject: Re: A new TCP/IP blind data injection technique?

On Fri, Dec 12, 2003 at 01:41:13AM +0100, Michal Zalewski wrote:
>
> B. Although checksum is *NOT* optional in TCP packets (unlike with UDP), it
>    seems that there is a notable (albeit unidentified at the moment)
>    population of systems that do consider it to be optional when set to
>    zero, or do not verify it at all. I have conducted a quick check
>    as follows:
>
>    - I have acquired a list of 300 most recent unique IPs that
>      had established a connection to a popular web server.
>    - I have sent a SYN packet with a correct TCP checksum to all
>      systems on the list, receiving 170 RST replies.
>    - I have sent a SYN packet with zero TCP checksum to all systems on
>      the list, receiving 12 RST replies (7% of the pool).
>
>    As such, there seems to be a reason for some concern, even with
>    random IP IDs, since it only takes one RFC-ignorant party for the
>    attack against a session to succeed.

I suspect that in these cases the RSTs may be coming from firewalls
rather than end-hosts. It would be more impressive and surprising
if one ever got a SYN-ACK in response.

--
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
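Added example, not part of the original message: the receiver-side TCP checksum check from RFC 793, written so that a zero checksum field gets no special "unchecked" treatment, which is the behaviour the thread says some systems get wrong. The addresses, ports and sequence number are constructed sample values, and the function names are this example's own.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 6, TCP length."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum a sender must place in bytes 16-17 of the TCP header."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ~ones_complement_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF

def verify_tcp_segment(src: str, dst: str, segment: bytes) -> bool:
    """Accept only if the sum over pseudo-header and segment is 0xFFFF.

    There is no branch for a zero checksum field: unlike UDP over IPv4,
    TCP has no "checksum not computed" encoding, so zero is just a value
    that is almost always wrong.
    """
    if len(segment) < 20:
        return False
    return ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def build_syn(src: str, dst: str, sport: int, dport: int, seq: int, checksum=None) -> bytes:
    """Minimal 20-byte SYN header; checksum=None means compute the correct one."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, 65535, 0, 0)
    if checksum is None:
        checksum = tcp_checksum(src, dst, hdr)
    return hdr[:16] + struct.pack("!H", checksum) + hdr[18:]

# Constructed sample endpoints (documentation address ranges).
SRC, DST = "192.0.2.1", "198.51.100.2"
GOOD_SYN = build_syn(SRC, DST, 40000, 80, 0x12345678)
ZERO_SYN = build_syn(SRC, DST, 40000, 80, 0x12345678, checksum=0)

if __name__ == "__main__":
    print("correct checksum accepted:", verify_tcp_segment(SRC, DST, GOOD_SYN))
    print("zero checksum accepted:   ", verify_tcp_segment(SRC, DST, ZERO_SYN))
```

A receiver or middlebox that answers the second segment is either skipping this check or treating zero as "not computed".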