[14433] in bugtraq
Re: PIX DMZ Denial of Service - TCP Resets
daemon@ATHENA.MIT.EDU (Guido van Rooij)
Tue Mar 28 02:30:27 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000327135743.A67420@eniac.mpn.cp.philips.com>
Date: Mon, 27 Mar 2000 13:57:43 +0200
Reply-To: Guido van Rooij <Guido.vanRooij@NL.ORIGIN-IT.COM>
From: Guido van Rooij <Guido.vanRooij@NL.ORIGIN-IT.COM>
X-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200003211525.CAA02867@cairo.anu.edu.au>
On Wed, Mar 22, 2000 at 02:25:16AM +1100, Darren Reed wrote:
>
> The general gist of this problem is poorly implemented TCP connection
> state tracking. You *must* track window sizes and sequence numbers
> and acknowledgments to at least reduce the chance of any given TCP
> packet from "outside" actually being part of that connection.
>
The current implementation of this in IPfilter will be covered in
a paper that is due for SANE2000 (http://www.nluug.nl/events/sane2000/).
The submitted paper can be found at
http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz
Comments are welcome!
-Guido
