 |
 |
|
April 21, 2004New TCP Flaw Found - Reset Attacks around the corner?Well, I wondered when this would surface. I heard about a presentation a couple of weeks ago that was going on at CanSecWest 2004 this week in which Paul Watson was going to discuss TCP Reset Attacks. The grapevine spoke of an interesting paper... but I never got a copy of it. It appears that the UK National Infrastructure Security Co-Ordination Centre (NISCC) got an early copy of his paper yesterday and has issued an alert discussing various scenarios... including Paul's discover of the practicability of the RST attack. Basically the attack pattern is resetting an established TCP connection by sending suitable TCP packets with the RST (Reset) or SYN (Synchronise) flags set. The packets need to have source and destination IP addresses that match the established connection as well as the same source and destination TCP ports. Of course all this is easy to spoof... and quite easy to do with Perl and Net::RawIP. (And people commented on my entry about the practicality of Perl *pffft*) You can read the details in the NISCC alert, which provides some information on mitigation techniques, including an interesting idea of resizing TCP window to deflect the attack. Now just to get a copy of the paper and read Paul's research about the attack. Maybe I can get a copy from Joost since I know he was attending the conference. Joost? Otherwise, if you are in town attending the conference let me know and we can hook up for beers... and look at the paper more closely. Posted by SilverStr at April 21, 2004 06:10 PM | TrackBackComments
Hi SilverStr - I found your blog while doing an exhaustive search for NDIS driver developers. YOu are quite the expert in network development, very impressive. This is why I was wonder if we could exchange email on the subject. I am working on a project which involves network security development for windows xp and its going a bit over my head as a developer. I have some questions that you will no doubt be able to answer. Please send me an email at dstrohschein@thewifilink.com if you would be able to help. Thanks! |
 
My 5 Favorite Books
Writing Secure Code
Secure Programming Cookbook Security Engineering Secure Coding Principles & Practice Inside the Security Mind
My 5 Favorite Papers
Smashing the Stack
Penetration Studies Covert Channel Analysis of Trusted Systems DoD Trusted Computer System Evaluation Criteria NSA Security Recommendation Guides
Archives
June 2007
May 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 March 2006 February 2006 January 2006 December 2005 November 2005 October 2005 September 2005 August 2005 July 2005 June 2005 May 2005 April 2005 March 2005 February 2005 January 2005 December 2004 November 2004 October 2004 September 2004 August 2004 July 2004 June 2004 May 2004 April 2004 March 2004 February 2004 January 2004 December 2003 November 2003 October 2003 September 2003 August 2003 July 2003 June 2003 May 2003 April 2003 March 2003 February 2003 January 2003 December 2002 November 2002 October 2002 September 2002 August 2002 July 2002 |
|
