Thursday, August 15, 2013
Quick Blind TCP Connection Spoofing with SYN Cookies
Various Linux distributions, including Ubuntu and Debian, enable the TCP SYN cookies defence mechanism against SYN-flooding DoS attacks by default.
However, this defence mechanism may itself lead to an attack. Jakob Lell developed a PoC exploit and tested it. He found that there was about one successfully spoofed connection every 10 minutes, using a 3-year-old notebook (HP 6440b, i5-430M CPU and Marvell 88E8072 gigabit NIC) as the client and a desktop computer as the server. The test ran for 10.5 hours overnight and successfully spoofed 64 connections.
He also stated that if TCP SYN cookies are not enabled, the attack may still succeed, but it may need more time.
Consider what happens if an attacker spoofs an SSH connection without credentials.
References
[1] Full Disclosure
[2] Jakob Lell's Blog
That's all! See you.