[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: TCP reset attacks and the linux kernel.



On Wed, 2004-05-12 at 03:31, Naoki wrote:
> Hi 'yall.
> 
> I just read this http://kerneltrap.org/node/view/3072, it details TCP 
> reset (RST or SYN) attacks and has me sufficiently worried
> enough to ask some questions.
> 
> I checked out the list of kernel tunable parameters with "sysctl -a" and 
> found the option to disable window scaling but how do I change the 
> window size from the default 64k to say 16k?
> 
> The next question is how can I set ( if it's not already ) my TCP stack 
> to randomize source ports?
> 
> 
> 
> What does the Fedora community have to say in response to this 
> potentially large problem?
> 
> Cheers!

I briefly scanned this article and this attack is known as a "man in the
middle" attack. From what I understand, this would require;

1) The attacker/cracker have direct access or have a zombie, be directly
connected,  to either the same subnet of either the sender or receiver.
In any case the attacker/cracker would have to, somehow, be aware of the
connection.

2) Long term and repetitive (S.A. a data link) connections are more
vulnerable to this attack.

3) Remember most compromises come from internal sources such as
downloaded trojans, worms, etc.
-- 
jludwig <wralphie comcast net>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]