[69825] in North American Network Operators' Group


Re: TCP RST attack (the cause of all that MD5-o-rama)

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Tue Apr 20 17:27:38 2004

In-Reply-To: <99C2AAA0-9302-11D8-B101-000A9578BB58@ianai.net>
Cc: nanog@merit.edu
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Tue, 20 Apr 2004 23:16:37 +0200
To: "Patrick W.Gilmore" <patrick@ianai.net>
Errors-To: owner-nanog-outgoing@merit.edu


On 20-apr-04, at 21:40, Patrick W.Gilmore wrote:

> What is a typical receive window on a router?  I have been told (have 
> not confirmed) it was about 14 bits.

Cisco routers have a command that will show you this number. It's 
generally just under 16k. Unfortunately, some looking glasses allow 
anyone to execute this command...

> (Someone check my math. :)

I think your math computes. I was worried for a moment that TCP might 
be tricked into emitting a packet when you hit the right port combo but 
the wrong sequence number. It does, and even helps out by sending back 
the right sequence number. But of course this packet goes to the real 
correspondent so this shouldn't help the attacker.

