Talk:Resource attack

From Citizendium
Revision as of 11:50, 25 June 2010 by imported>Howard C. Berkowitz
Jump to navigation Jump to search
This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
To learn how to update the categories for this article, see here. To update categories, edit the metadata template.
 Definition Malware that overwhelms processing, memory, or network resources of a computer system by sending large numbers requests that appear legitimate, but at a high rate or in some manner crafted to make resources unavailable [d] [e]
Checklist and Archives
 Workgroup category Computers [Categories OK]
 Subgroup category:  Security
 Talk Archive none  English language variant American English

SYNs and ACKs

The description here of which messages have which flags set is different from what I thought it was. Checking the CERT document linked, their description is different from both. Sandy Harris 15:16, 25 June 2010 (UTC)

OK, while the page looks OK to me, let me describe, from wetware memory of lots of protocol analyzer traces. There are nuances for connection collision that probably aren't relevant.
Originator sends SYN with proposed send sequence number and credit
Receiver sends SYN-ACK with proposed received sequence number if connection accepted; silent if rejecting connection
Originator confirms three-way handshake with SYN-ACK and updated bidirectional sequence numbers.
In a SYN-FLOOD, attacker repeats the first message but never the third.

--Howard C. Berkowitz 15:34, 25 June 2010 (UTC)

Page says sequence is SYN SYN SYN-ACK You say SYN SYN-ACK SYN-ACK and CERT give SYN SYN-ACK ACK. I'm almost certain CERT would be correct. Sandy Harris 15:57, 25 June 2010 (UTC)
What does the RFC say? If we're going to these levels, the state machine is also going to be looking at the sequence numbers. We'll take the TCP RFC over CERT. I may have misspoken and it is closer to SYN SYN SYN-ACK, but with sequence number constraints on the second step.Howard C. Berkowitz 16:50, 25 June 2010 (UTC)