Talk:Resource attack: Difference between revisions
Jump to navigation
Jump to search
imported>Sandy Harris (questtion about SYN/ACK flags) |
imported>Howard C. Berkowitz No edit summary |
||
Line 3: | Line 3: | ||
== SYNs and ACKs == | == SYNs and ACKs == | ||
The description here of which messages have which flags set is different from what I thought it was. Checking the CERT document linked, their description is different from both. [[User:Sandy Harris|Sandy Harris]] 15:16, 25 June 2010 (UTC) | The description here of which messages have which flags set is different from what I thought it was. Checking the CERT document linked, their description is different from both. [[User:Sandy Harris|Sandy Harris]] 15:16, 25 June 2010 (UTC) | ||
:OK, while the page looks OK to me, let me describe, from wetware memory of lots of protocol analyzer traces. There are nuances for connection collision that probably aren't relevant. | |||
:Originator sends SYN with proposed send sequence number and credit | |||
:Receiver sends SYN-ACK with proposed received sequence number if connection accepted; silent if rejecting connection | |||
:Originator confirms three-way handshake with SYN-ACK and updated bidirectional sequence numbers. | |||
:In a SYN-FLOOD, attacker repeats the first message but never the third. | |||
--[[User:Howard C. Berkowitz|Howard C. Berkowitz]] 15:34, 25 June 2010 (UTC) |
Revision as of 09:34, 25 June 2010
SYNs and ACKs
The description here of which messages have which flags set is different from what I thought it was. Checking the CERT document linked, their description is different from both. Sandy Harris 15:16, 25 June 2010 (UTC)
- OK, while the page looks OK to me, let me describe, from wetware memory of lots of protocol analyzer traces. There are nuances for connection collision that probably aren't relevant.
- Originator sends SYN with proposed send sequence number and credit
- Receiver sends SYN-ACK with proposed received sequence number if connection accepted; silent if rejecting connection
- Originator confirms three-way handshake with SYN-ACK and updated bidirectional sequence numbers.
- In a SYN-FLOOD, attacker repeats the first message but never the third.
--Howard C. Berkowitz 15:34, 25 June 2010 (UTC)