Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: TCP/IP Keep alive exploit presentation at Phreaknic. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

TCP/IP Keep alive exploit presentation at Phreaknic
by Acidus at 3:38 pm EDT, Jul 22, 2005

Description: This bug appeared during a few experimentations with the TCP/IP stack after which we found out that it was not, at least it is not of our knowledge, found anywhere else before. That was actually a Solaris bug that resembles this one.

After an established connection, a specially crafted packet with the ACK/FIN flags set, a corrected Sequency Number but with an incorrected Acknowledge Number will trigger a massive flush of packages with zero size and only the ACK flag set. Ethereal logs showed that the keep alive state was occuring and this flow kept going for approximately 3 minutes and a few million packets. It was clearly observed that CPU and network performance was severed decreased due to this misbehave.

Potential attacks includes DoS and DDoS. Applications and services that depends on quality of services (QoS) such as H323 applications (VoIP) and video streamming will suffer dramatic performance downgrade.

Interesting looking presentation at Phreaknic this year.


 
 
Powered By Industrial Memetics