Mark Bixby <[log in to unmask]> writes:
>The Internet service provider Panix in NYC was the recent victim of a TCP/IP
>SYN denial-of-service attack against their Unix systems.  This type of attack
>involves flooding a target victim with 'bogus' (technical details withheld by
>me) TCP SYN packets sent to important service ports like http, dns, smtp,
>etc.  The system under attack then cannot accept legitimate TCP
>connections to
>the affected ports.
>
>Does anybody know if MPE is vulnerable to this kind of attack?
 
Yes, it is, as is any TCP/IP implementation; the attack is against the
protocol, not any particular implementation. This is the second such
incident I've heard of in two days. Since it's been published in other
"mainstream" newsgroups, here's the URL of an article that explains
what's going on:
 
       <http://www.fc.net/phrack/files/p48/p48-13.html>
 
As the article points out, the attack uses the protocol's reliability
features against it. Unlike other flood attacks, it requires very little
network traffic to conduct. A small change to the network code would be
enough to change this characteristic, at a very small cost in the
reliability of TCP connection initiation.
 
-- Bruce
 
 
 
--------------------------------------------------------------------------
Bruce Toback    Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc.            (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142      | But ah, my foes, and oh, my friends -
Phoenix AZ 85028                   | It gives a lovely light.
[log in to unmask]                   |     -- Edna St. Vincent Millay