Great Circle Associates Firewalls
(December 1994)
 


Subject: tcp TH_RST annoyances
From: jon @ london . csd . harris . com (Jon Shallow)
Date: Fri, 16 Dec 94 13:18:47 GMT
To: firewalls @ greatcircle . com

Take the following scenario

. Host A (Firewall) sets up and is using tcp session to Host B somewhere
  on the Internet.
. Hacker on Host C on the Internet sees this session and sends a tcp
  TH_RST to host A (with correct ports etc), faking he is coming from B.
. A's session then resets itself and shuts down.

The more general case is C says he is B on say port 23, and sprays all
ports on A with TH_RST packets.

Is there any way of preventing this sort of malicious denial of service
attack?

Regards

Jon
-- 

			Jon Shallow, Harris Computer Systems Corporation
			Jon . Shallow @ mail . hcsc . com
			Tel	+44 (0) 1276 686886
			Fax	+44 (0) 1276 678733
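
For the scenario in the message above, an added example (not part of the original post) of how a TCP receiver can vet an incoming RST by its sequence number: the RFC 793 in-window test beside the stricter RFC 5961 exact-match rule. The type and function names are hypothetical and the connection values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; all names here are hypothetical, not from a real stack. */
enum rst_action { RST_DROP, RST_CHALLENGE_ACK, RST_ACCEPT };

struct conn_state {
    uint32_t rcv_nxt; /* next sequence number expected from the peer */
    uint32_t rcv_wnd; /* current receive window, in bytes */
};

/* True when rcv_nxt <= seq < rcv_nxt + rcv_wnd, computed modulo 2^32 so the
 * test survives sequence-number wraparound. With a zero window only an exact
 * match on rcv_nxt is acceptable. */
static int seq_in_window(const struct conn_state *c, uint32_t seq)
{
    if (c->rcv_wnd == 0)
        return seq == c->rcv_nxt;
    return (uint32_t)(seq - c->rcv_nxt) < c->rcv_wnd;
}

/* RFC 793 (synchronized states): any in-window RST tears the connection down. */
enum rst_action rst_check_rfc793(const struct conn_state *c, uint32_t seq)
{
    return seq_in_window(c, seq) ? RST_ACCEPT : RST_DROP;
}

/* RFC 5961: reset only on an exact match with rcv_nxt; an in-window near miss
 * is answered with a challenge ACK and the connection stays up. */
enum rst_action rst_check_rfc5961(const struct conn_state *c, uint32_t seq)
{
    if (!seq_in_window(c, seq))
        return RST_DROP;
    return seq == c->rcv_nxt ? RST_ACCEPT : RST_CHALLENGE_ACK;
}

int main(void)
{
    /* Constructed connection state: window straddles the 2^32 wrap point. */
    struct conn_state c = { 0xFFFFFF00u, 0x4000u };
    uint32_t probes[] = { 0xFFFFFF00u, 0x00000010u, 0x00004000u };
    static const char *name[] = { "drop", "challenge-ack", "accept" };
    for (int i = 0; i < 3; i++)
        printf("seq=%08x rfc793=%s rfc5961=%s\n", (unsigned)probes[i],
               name[rst_check_rfc793(&c, probes[i])],
               name[rst_check_rfc5961(&c, probes[i])]);
    return 0;
}
```

Sequence checks of this kind only raise the bar for a sender who cannot observe the connection; a host that sees the session's traffic, as in the scenario above, can read the expected sequence number, and only authenticating the segments themselves addresses that case.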

