[815] in bugtraq


Re: the next generation of nuke.c

daemon@ATHENA.MIT.EDU (Dorian Deane)
Fri Jan 27 13:47:30 1995

From: dorian@oxygen.house.gov (Dorian Deane)
To: smb@research.att.com
Date: Fri, 27 Jan 1995 11:02:02 -0500 (EST)
Cc: bugtraq@fc.net
In-Reply-To: <199501262053.OAA00835@freeside.fc.net> from "smb@research.att.com" at Jan 26, 95 03:30:13 pm

> 
> Well, RST is more definitive than FIN, somehow...
> 
> That said, the attack you cite is harder to carry out than you think.
> It's easy to guess the next starting sequence number for a connection;
> it's much harder to know what the sequence number status is of an existing
> connection unless you're sniffing the wire.  You'd also have to know
> what the client's port number was; again, without sniffing the wire, that's
> hard to come by, unless one of the two sites has an overly-cooperative
> SNMP server.
> 

I'm sure I'm confused, but...

It seems logical that RST sequence numbers should be ignored.  RSTs are
usually sent to abort a hosed connection, one in which it is likely the
sequence numbers are already out of whack.

???

dorian
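The exchange above turns on how a TCP receiver decides whether an RST belongs to a connection. The following is an added example, not code from either poster: a small model of the RFC 793 rule that an RST is acted on only if it matches the connection's port pair and its sequence number falls inside the receive window, with a switch to compare that against the "ignore RST sequence numbers" idea. IP addresses are omitted from the connection key, and all window sizes and sequence numbers are constructed values.

```python
# Added example: a minimal model of a TCP receiver's RST handling, used to
# see what the sequence-number check buys a receiver. Not from the original
# posts. IP addresses are left out of the connection key for brevity, and
# every numeric value below is constructed.
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers live in a 32-bit modular space


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 acceptability test for a segment carrying no data:
    RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND, evaluated modulo 2^32 so that
    wraparound is handled. With a zero window only SEG.SEQ == RCV.NXT fits."""
    if rcv_wnd == 0:
        return seq == rcv_nxt
    return (seq - rcv_nxt) % MOD < rcv_wnd


def acceptable_fraction(rcv_wnd: int, check_seq: bool = True) -> float:
    """Fraction of the 2^32 possible sequence values an RST could carry that
    the receiver would act on. With the sequence check disabled (the idea in
    the post) every value is accepted once the ports match."""
    if not check_seq:
        return 1.0
    return rcv_wnd / MOD


@dataclass
class Conn:
    """The slice of TCB state this model needs (constructed, not a real TCB)."""
    local_port: int
    remote_port: int
    rcv_nxt: int
    rcv_wnd: int
    state: str = "ESTABLISHED"


def handle_rst(conns: dict, local_port: int, remote_port: int, seq: int,
               check_seq: bool = True) -> bool:
    """Process an incoming RST. The segment must first match an open
    connection by port pair (the 'client's port number' point in the quoted
    text); only then is the sequence number checked against the window.
    Returns True if the connection was aborted, False if the RST was dropped."""
    conn = conns.get((local_port, remote_port))
    if conn is None or conn.state == "CLOSED":
        return False  # no such connection: nothing to reset
    if check_seq and not in_window(seq, conn.rcv_nxt, conn.rcv_wnd):
        return False  # out-of-window RST is silently discarded
    conn.state = "CLOSED"
    return True


if __name__ == "__main__":
    # Constructed connection table: one established connection, local port 25,
    # remote port 40000, expecting sequence 1_000_000 with a 65535-byte window.
    conns = {(25, 40000): Conn(25, 40000, 1_000_000, 65535)}
    print("wrong port:", handle_rst(conns, 25, 40001, 1_000_000))
    print("out of window:", handle_rst(conns, 25, 40000, 5_000_000))
    print("in window:", handle_rst(conns, 25, 40000, 1_000_100))
    print("fraction of seq values accepted, 64K window:",
          acceptable_fraction(65535))
    print("fraction accepted with seq check disabled:",
          acceptable_fraction(65535, check_seq=False))
```

The `acceptable_fraction` numbers make the receiver-side trade-off concrete: with the RFC 793 check a 64 KB window accepts roughly one sequence value in 65 thousand, whereas dropping the check accepts every value once the port pair is known, which is the property the quoted reply is relying on when it says the sequence-number state of a live connection is hard to know without seeing the wire.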
