Re: Hackers Strike at N.Y. Internet Access Company

Robert S. Thau (
Thu, 12 Sep 1996 18:58:24 -0400

For those interested in technical details, I don't know, but have
been told, that the "messages" in question were TCP SYN packets with
forged return addresses. These are the first stage of establishment
of a TCP connection, but receipt of another packet from the (prospective)
client is required to actually finish establishing the connection. In
the meantime, the connection is in a weird "half-accepted" state where
(on a Unix server), it takes up kernel resources which nothing in userland
can direct the kernel to free up.

This is, in short, an extremely nasty attack... *very* difficult to
counter or even to trace.