Ethereal-dev: Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Alok" <alokdube@xxxxxxxxxx>
Date: Sun, 7 Aug 2005 23:48:56 +0530
Throw hardware and money, anything can be done, and messed up (like the TCP
SYN checksum working fine but the rest not working fine, even if they are
just ACKs and nothing more in the payload...)... Why are you trying to
figure out some way to detect a *possible case* of a buggy implementation?
There could be 1000s more.

----- Original Message ----- 
From: "J.Smith" <lbalbalba@xxxxxxxxxxx>
To: "Ethereal development" <ethereal-dev@xxxxxxxxxxxx>
Sent: Sunday, August 07, 2005 3:22 PM
Subject: Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile


> >
> > is there a way to easily verify that at least all timestamps are somewhat
> > 'consecutive'? And if the timestamp value was set to a large value by the
> > attacker, then it will likely be larger than the timestamp values in
> > subsequent incoming segments
> Would 'Mate' be able to assist in easily filtering based on these kinds of
> criteria? I checked the manual pages for Mate and it seems at least
> somewhat plausible at first glance, but I couldn't figure it out ...
>
>
> If someone would be able to assist with that, then that would be greatly
> appreciated.
>
>
> Thanks,
>
>
> John Smith.
>
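
The check asked about in the quoted message (are the TCP timestamp values in one direction of a connection roughly consecutive, and does one value sit far above the segments that follow it) can be run offline over values exported from a trace. The following is an added example, not part of the original thread and not Ethereal or MATE code; the tuple layout, the `min_jump` threshold and the sample records are assumptions constructed for illustration.

```python
MOD = 1 << 32    # TSval is a 32-bit counter that wraps
HALF = 1 << 31

def ts_before(a, b):
    """True if TSval a is older than b under 32-bit serial-number comparison."""
    return 0 < (b - a) % MOD < HALF

def find_tsval_spikes(segments, min_jump=100_000):
    """Flag TSvals that later segments of the same flow direction fall far behind.

    segments: (frame, flow, tsval) tuples in capture order, where flow names one
    direction of one connection. min_jump is an assumed threshold that keeps
    ordinary packet reordering from being reported.
    Returns {(flow, spike_frame): [frames whose TSval regressed]}.
    """
    highest = {}     # flow -> (frame, tsval) of the newest TSval seen so far
    findings = {}
    for frame, flow, tsval in segments:
        if flow not in highest:
            highest[flow] = (frame, tsval)
            continue
        hframe, hval = highest[flow]
        if ts_before(hval, tsval):
            highest[flow] = (frame, tsval)       # normal forward progress
        elif (hval - tsval) % MOD >= min_jump:
            # This segment is far behind a value already seen in the same
            # direction, so the earlier frame is the outlier to inspect.
            findings.setdefault((flow, hframe), []).append(frame)
    return findings

# Constructed sample data (not taken from a real capture).
FLOW_A = ("10.0.0.1", 40000, "10.0.0.2", 80)
FLOW_B = ("10.0.0.3", 40001, "10.0.0.2", 80)
SAMPLE = [
    (1, FLOW_A, 1000), (2, FLOW_A, 1010),
    (3, FLOW_A, 2_000_000_000),                  # one segment far ahead
    (4, FLOW_A, 1020), (5, FLOW_A, 1030), (6, FLOW_A, 1040),
    (7, FLOW_B, 4294967290), (8, FLOW_B, 4294967295),
    (9, FLOW_B, 3), (10, FLOW_B, 10),            # legitimate 32-bit wrap
    (11, FLOW_B, 8),                             # mild reordering
]

if __name__ == "__main__":
    for (flow, spike), later in find_tsval_spikes(SAMPLE).items():
        print(f"{flow}: frame {spike} is ahead of frames {later}")
```

A hit only shows that TSval was not monotonic in one direction of a connection. The trace alone does not show whether the outlier came from a spoofing host or from a buggy stack.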