Jon Shallow writes:
> . Host A (Firewall) sets up and is using tcp session to Host B somewhere
> on the Internet.
> . Hacker on Host C on the Internet sees this session and sends a tcp
> TH_RST to host A (with correct ports etc), faking he is coming from B.
> . A's session then resets itself and shuts down.
> The more general case is C says he is B on say port 23, and sprays all
> ports on A with TH_RST packets.
> Is there any way of preventing this sort of malicious denial of service
> attack?
If you're on the Internet, you're vulnerable to denial of
service attacks. Period. Denial of service can always be accomplished
by means of a flooding attack of legitimate traffic (ex: mail, telnet).
It's also difficult to guard upstream sites; someone desiring to blow
you off could icmp bomb a router upstream of you, or DNS cache bomb
you someplace else up the tree. One of the joys of distributed computing
is that it makes your infrastructure much more vulnerable. The good
news is that about all they can do is deny you service, generally.
[PS - real world denial of service structure hits are also a threat
most of us ignore and live with. I'm hesitant to even discuss them,
but, for example, consider what would happen if someone submitted a
postal change of address on behalf of someone else. Those are totally