Re: Hackers Strike at N.Y. Internet Access Company

Robert S. Thau (rst@ai.mit.edu)
Thu, 12 Sep 1996 18:58:24 -0400


For those interested in technical details, I don't know, but have
been told, that the "messages" in question were TCP SYN packets with
forged return addresses. These are the first stage of establishment
of a TCP connection, but receipt of another packet from the (prospective)
client is required to actually finish establishing the connection. In
the meantime, the connection is in a weird "half-accepted" state where
(on a Unix server) it takes up kernel resources which nothing in userland
can direct the kernel to free up.

This is, in short, an extremely nasty attack... *very* difficult to
counter or even to trace.

rst
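
An added example, not part of the original post: a defender-side check that counts sockets stuck in the half-accepted state (SYN_RECV) per local port and flags ports where the count reaches a threshold. It assumes the Linux `/proc/net/tcp` text format on a little-endian host; the sample table, the function names and the threshold of 3 are constructed for illustration.

```python
from collections import defaultdict

SYN_RECV = 0x03  # TCP_SYN_RECV: SYN received, handshake not yet completed

# Constructed sample, trimmed to the first columns of Linux /proc/net/tcp.
# Addresses use documentation ranges; the hex is little-endian host order.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 010200C0:0050 00000000:0000 0A
   1: 010200C0:0050 0A6433C6:C001 03
   2: 010200C0:0050 0B6433C6:C002 03
   3: 010200C0:0050 0C7100CB:C003 03
   4: 010200C0:0050 0D7100CB:C004 03
   5: 010200C0:0016 0E7100CB:C005 01
   6: 010200C0:0019 0F7100CB:C006 03
"""

def parse_addr(field):
    """Decode 'HHHHHHHH:PPPP' (IPv4, little-endian hex) into (ip, port)."""
    ip_hex, port_hex = field.split(":")
    octets = bytes.fromhex(ip_hex)[::-1]  # reverse to network byte order
    return ".".join(str(b) for b in octets), int(port_hex, 16)

def half_open_by_port(lines):
    """Map each local port to the remote IPs of its SYN_RECV sockets."""
    pending = defaultdict(list)
    for line in lines:
        cols = line.split()
        if len(cols) < 4 or not cols[0].endswith(":"):
            continue  # header row or malformed line
        if int(cols[3], 16) != SYN_RECV:
            continue  # listening, established, etc. are not half-open
        _, local_port = parse_addr(cols[1])
        remote_ip, _ = parse_addr(cols[2])
        pending[local_port].append(remote_ip)
    return pending

def suspicious_ports(lines, threshold):
    """Ports whose half-open count meets threshold: (port, count, sources)."""
    hits = []
    for port, sources in sorted(half_open_by_port(lines).items()):
        if len(sources) >= threshold:
            hits.append((port, len(sources), len(set(sources))))
    return hits

if __name__ == "__main__":
    for port, count, distinct in suspicious_ports(SAMPLE.splitlines(), 3):
        print(f"port {port}: {count} half-open, {distinct} distinct sources")
```

A high half-open count spread over many distinct remote addresses that never complete the handshake is consistent with the forged return addresses described in the post; a sensible threshold depends on the server's normal load.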