List: bugtraq
Subject: Re: PIX DMZ Denial of Service - TCP Resets
From: Guido van Rooij <Guido.vanRooij () NL ! ORIGIN-IT ! COM>
Date: 2000-03-27 11:57:43
On Wed, Mar 22, 2000 at 02:25:16AM +1100, Darren Reed wrote:
>
> The general gist of this problem is poorly implemented TCP connection
> state tracking. You *must* track window sizes and sequence numbers
> and acknowledgments to at least reduce the chance of any given TCP
> packet from "outside" actually being part of that connection.
>
The current implementation of this in IPfilter will be covered in
a paper that is due for SANE2000 (http://www.nluug.nl/events/sane2000/).
The submitted paper can be found at
http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz
Comments are welcome!
-Guido
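
Added example, not part of the original message and not IP Filter's code or the paper's algorithm: a simplified sketch of the sequence, acknowledgment and window tracking the quoted text calls for, so that a segment (a reset, for instance) carrying guessed numbers is rejected. The struct and function names, the MAX_ACK_BACK tolerance and the sample state are assumptions; window scaling is ignored and every checked segment is assumed to carry ACK.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ACK_BACK 66000u /* hypothetical tolerance for old ACKs */

/* What the filter remembers about one endpoint (hypothetical names). */
struct tcp_side {
    uint32_t end;    /* highest seq+len seen from this endpoint */
    uint32_t maxend; /* highest ack+win it advertised: limit for the peer's data */
    uint32_t maxwin; /* largest window it advertised (no window scaling) */
};

/* len counts payload bytes plus one for each SYN or FIN flag. */
struct tcp_seg { uint32_t seq, ack, len; uint16_t win; };

/* Serial-number comparisons that stay correct across 2^32 wraparound. */
static int seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }
static int seq_geq(uint32_t a, uint32_t b) { return (int32_t)(a - b) >= 0; }

/* Returns 1 and updates src if the segment src -> dst is plausible, else 0. */
int tcp_in_window(struct tcp_side *src, const struct tcp_side *dst,
                  const struct tcp_seg *s)
{
    uint32_t seg_end = s->seq + s->len;
    if (!seq_leq(seg_end, dst->maxend)) return 0;            /* past receiver's window */
    if (!seq_geq(s->seq, src->end - dst->maxwin)) return 0;  /* older than one window */
    if (!seq_leq(s->ack, dst->end)) return 0;                /* acks data never sent */
    if (!seq_geq(s->ack, dst->end - MAX_ACK_BACK)) return 0; /* implausibly old ack */
    if (seq_geq(seg_end, src->end)) src->end = seg_end;
    if (s->win > src->maxwin) src->maxwin = s->win;
    if (seq_geq(s->ack + s->win, src->maxend)) src->maxend = s->ack + s->win;
    return 1;
}

/* Constructed sample: state just after a handshake (client ISN 1000, server ISN 5000). */
void sample_state(struct tcp_side *client, struct tcp_side *server)
{
    client->end = 1001; client->maxend = 5001 + 8192; client->maxwin = 8192;
    server->end = 5001; server->maxend = 1001 + 4096; server->maxwin = 4096;
}

int main(void)
{
    struct tcp_side c, s;
    struct tcp_seg ok = {1001, 5001, 100, 8192}, guessed = {900000, 5001, 0, 0};
    sample_state(&c, &s);
    printf("in-window data: %d\n", tcp_in_window(&c, &s, &ok));
    printf("guessed-sequence segment: %d\n", tcp_in_window(&c, &s, &guessed));
    return 0;
}
```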