[69874] in North American Network Operators' Group
Re: TCP RST attack (the cause of all that MD5-o-rama)
daemon@ATHENA.MIT.EDU (Peter Galbavy)
Wed Apr 21 02:53:25 2004
From: "Peter Galbavy" <peter.galbavy@knowtion.net>
To: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>,
"Patrick W.Gilmore" <patrick@ianai.net>
Cc: <nanog@merit.edu>
Date: Wed, 21 Apr 2004 07:45:36 +0100
Errors-To: owner-nanog-outgoing@merit.edu
E.B. Dreger wrote:
> I don't think we're even that far along. If I'm reading FreeBSD
> 4.9 and NetBSD 1.6.2 source correctly,
>
> /usr/src/sys/netinet/in_pcb.c
Should have stretched as far as OpenBSD then. Same file.
> tells all.
> AFAIK, sequential search is about it. Try a port number, verify
> that the src/dist ip+port combination is available, then go on to
> the next lport if the guessed one is in use.
As far as I can see - I have never read the code before, just the commit
messages - the OpenBSD version does a circular, random search between high
and low targets.
Peter
