[nsp-sec] TCP Attack patterns - what is "normal" these days?
Smith, Donald
Donald.Smith at qwest.com
Thu Oct 22 12:03:32 EDT 2009
(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia
> -----Original Message-----
> From: Florian Weimer [mailto:fweimer at bfk.de]
> Sent: Thursday, October 22, 2009 9:15 AM
> To: Smith, Donald
> Cc: Barry Raveendran Greene; nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] TCP Attack patterns - what is "normal"
> these days?
>
> * Donald Smith:
>
> > Not a scientific answer but lately I have seen more state exaustion
> > attacks the pipe filling attacks. All state tables are finate, most
> > are relatively small compared to the size (bandwidth) of customers
> > pipes.
>
> Would you like the attackers switch back to bandwidth saturation
> attacks?
They do both there just seems to have been a recent rise in state table attacks.
>
> It's feasible to make default installations of major platforms more
> resilient to state exhaustion attacks. I'm just not sure if it's a
> prudent thing to do.
It may be prudent it probably depends on how easily your state table can be filled or if you can turn a hash "lookup" into a cell by cell linked list search:) I saw a case of that over 5 years ago so this isn't a new method.
I don't see this as an XOR is see it as an AND.
>
> --
> Florian Weimer <fweimer at bfk.de>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
>
More information about the nsp-security
mailing list