[467] in cryptography@c2.net mail archive
Re: How bad is this?
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Apr 2 11:18:41 1997
To: cryptography@c2.net
In-reply-to: Your message of "Wed, 02 Apr 1997 05:40:51 MST." <9704021240.AA16568@nyx.net>
Reply-To: perry@piermont.com
Date: Wed, 02 Apr 1997 11:16:55 -0500
From: "Perry E. Metzger" <perry@piermont.com>
Colin Plumb writes:
> What is actually needed is a (pseudo-)random function. An attacker
> breaks it if, given access to a number of chosen function
> outputs H(x1), H(x2), ..., he can find a pair (y,H(y)), for
> a y never asked about. (Actually, the threat is only significant if
> he can find many more y's than x's.)
>
> If an attacker can do this, he can syn-flood the machine and tie up
> resources.
Actually, RFC1948 stuff has nothing to do with SYN Floods.
It's a protection against sequence number attacks, which permit address
spoofing. It is not a denial of service problem at all!
> This is why the *number* of breaks is important. Just one, or two,
> or even a hundred is not fatal.
Nope. Because this is a defense against spoofing (which can be used,
for instance, to log in to machines), the number of breaks is ideally
zero.
Now, you shouldn't be trusting a remote host's IP address in the first
place, but this is designed to prevent session stealing and session
spoofing, not SYN floods.
Perry
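The property under discussion, as an added example that is not part of the original thread: RFC 1948 computes ISN = M + F(localhost, localport, remotehost, remoteport, secret), where M is a clock and F is a keyed pseudo-random function (the RFC suggests MD5 over the tuple and secret; this example substitutes HMAC-SHA256, an assumption of the example, not the RFC's text). The code contrasts that with the older clock-only ISN that sequence number attacks exploit, and shows why, as Perry says, the number of acceptable breaks of F is zero: a party who observes the ISN of a connection of their own learns the clock, but the per-tuple offset F stays unknown without the secret. Addresses, ports, the secret and clock values are all constructed sample data.

```python
"""RFC 1948-style initial sequence number (ISN) generation (added example).

ISN = M + F(localhost, localport, remotehost, remoteport, secret)

M is a clock (RFC 1948 uses a 4-microsecond timer); F is a keyed
pseudo-random function. HMAC-SHA256 stands in for the MD5 the RFC
suggests; that substitution is an assumption of this example.
"""
import hashlib
import hmac
import ipaddress
import struct

ISN_MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit

# Constructed sample data: a per-boot secret and two connection 4-tuples
# (local_ip, local_port, remote_ip, remote_port) that share the same server.
SECRET = b"example-only-secret-rotate-on-every-boot"
TUPLE_A = ("10.0.0.1", 22, "192.0.2.10", 40000)
TUPLE_B = ("10.0.0.1", 22, "198.51.100.7", 40001)


def tuple_bytes(local_ip, local_port, remote_ip, remote_port):
    """Fixed-width encoding of the connection 4-tuple (IPv4 or IPv6)."""
    return (ipaddress.ip_address(local_ip).packed
            + struct.pack("!H", local_port)
            + ipaddress.ip_address(remote_ip).packed
            + struct.pack("!H", remote_port))


def prf_offset(local_ip, local_port, remote_ip, remote_port, secret):
    """F(): the per-tuple secret offset, truncated to 32 bits.

    Without the secret this value is unpredictable for any tuple the
    observer has not been able to query, which is exactly the property
    Colin Plumb describes."""
    digest = hmac.new(secret, tuple_bytes(local_ip, local_port,
                                          remote_ip, remote_port),
                      hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def isn_rfc1948(local_ip, local_port, remote_ip, remote_port, secret, clock):
    """RFC 1948 ISN: clock plus the keyed per-tuple offset, mod 2**32.

    Within one tuple the ISN still advances with the clock, so a reopened
    connection does not collide with old segments in flight."""
    offset = prf_offset(local_ip, local_port, remote_ip, remote_port, secret)
    return (clock + offset) & ISN_MASK


def isn_clock_only(clock):
    """The pre-RFC 1948 scheme: ISN is a function of the clock alone, so
    every connection's ISN is known once one ISN and the rate are known."""
    return clock & ISN_MASK


def predict_from_own_connection(observed_isn, clock_delta):
    """What an observer can compute from the ISN of a connection they
    legitimately opened: the host's clock position, extrapolated forward.
    For the clock-only scheme this is the next ISN; under RFC 1948 it is
    off by F(B) - F(A), which requires the secret."""
    return (observed_isn + clock_delta) & ISN_MASK


def demo(secret=SECRET, clock=1_000_000, delta=5_000):
    """Compare predictability of the two schemes for tuples A and B."""
    # Observer opens connection A at `clock`, sees its ISN, then the host
    # issues connection B's ISN `delta` ticks later.
    new_a = isn_rfc1948(*TUPLE_A, secret, clock)
    new_b = isn_rfc1948(*TUPLE_B, secret, clock + delta)
    old_a = isn_clock_only(clock)
    old_b = isn_clock_only(clock + delta)
    return {
        "clock_only_predicted": predict_from_own_connection(old_a, delta) == old_b,
        "rfc1948_predicted": predict_from_own_connection(new_a, delta) == new_b,
    }


if __name__ == "__main__":
    print(demo())  # clock-only ISN is predicted; the RFC 1948 ISN is not
```

The secret must be unknown to remote parties and should be regenerated at boot; if F were broken (the "breaks" in the quoted text), the offset for a victim tuple would become computable and the scheme would degrade to the clock-only case, which is why no number of breaks is acceptable for an anti-spoofing defense.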