Stealth Computing Abuses TCP Checksums
georgemw at speakeasy.net
Sun Sep 2 09:23:10 PDT 2001
On 1 Sep 2001, at 1:38, Dan Geer wrote:
> . "Below, we present an implementation of a parasitic computer
> . using the checksum function. In order for this to occur,
> . one needs to design a special message that coerces a target server
> . into performing the desired computation."
>
> This is the same principle that underlies denial of service
> attacks -- the irreducible residual vulnerability of a system
> to denial of service is proportional to the amount of work (or
> time) that system must do (or consume) before it can conclude
> its initial authorization decision. Ironically, the more
> precise and complex that authorization decision process, the
> greater the amount of work that the active (initiating) side of
> the connection can call on the passive side to perform. This
> critically bears on protocol and application security design.
>
> --dan
>
>
Since I haven't noticed anyone else point this out (apologies for
my redundancy if I just somehow missed it), it's worth mentioning
that the original result was more of a "gee whiz, it's interesting we
can do this in principle" type of thing than an actual threat of
something anybody would ever actually do. Yes, you can trick a
remote host into performing calculations for you with a specially
prepared message, but it requires a hell of a lot more effort to
prepare the message than it would to perform the calculation
yourself.
George
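As an added illustration (not from the original thread), here is a self-contained Python simulation of the checksum-as-oracle idea in the quoted paragraph together with George's cost argument: the target host's only computation is the RFC 1071 one's-complement sum, and every candidate the parasite wants evaluated has to be serialised into a probe first, which is at least the work of summing it locally. The probe layout, the toy problem (which candidates add up to a target value) and all sample values are constructed assumptions.

```python
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071: add 16-bit big-endian words with end-around carry (no final NOT)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(w for (w,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def receiver_accepts(segment: bytes) -> bool:
    """The target's only work: the sum over the whole segment, checksum
    field included, must be all ones; anything else is silently dropped."""
    return ones_complement_sum(segment) == 0xFFFF

def words(values: list[int]) -> bytes:
    """Serialise candidate values as the 16-bit words of a payload (toy problem)."""
    return b"".join(struct.pack("!H", v & 0xFFFF) for v in values)

def build_probe(candidate: list[int], target: int) -> bytes:
    """Parasite's message (assumed layout): checksum field fixed to ~target,
    payload = candidate words. The receiver accepts exactly when the candidate
    words sum to target in one's-complement arithmetic."""
    return struct.pack("!H", (~target) & 0xFFFF) + words(candidate)

def offloaded_solve(candidates: list[list[int]], target: int) -> list[list[int]]:
    """Which candidates hit the target, as judged by the target host's checksum
    check. Note that build_probe already touches every word of every candidate."""
    return [c for c in candidates if receiver_accepts(build_probe(c, target))]

def local_solve(candidates: list[list[int]], target: int) -> list[list[int]]:
    """The same question answered locally: one pass over the words per candidate,
    the same pass build_probe makes, minus the network round trip."""
    return [c for c in candidates if ones_complement_sum(words(c)) == target]

# Constructed sample inputs: 0xFFFF is one's-complement zero, so the third
# candidate also "sums" to the target.
SAMPLE_TARGET = 0x1234
SAMPLE_CANDIDATES = [
    [0x1000, 0x0234],
    [0x1000, 0x0200],
    [0xFFFF, 0x1234],
    [0x0034, 0x1200],
]

if __name__ == "__main__":
    print("oracle says:", offloaded_solve(SAMPLE_CANDIDATES, SAMPLE_TARGET))
    print("local says: ", local_solve(SAMPLE_CANDIDATES, SAMPLE_TARGET))
```

Both answers agree, and the offloaded path still serialises every candidate word on the sender, so nothing is saved over adding the words locally.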