On Mon, 12 Mar 2001 18:09:32 EST, "Richard A. Steenbergen" said:
> And since the "victim" will have the current sequence number for inbound data, what would keep it from (correctly) sending an RST and tearing down this false connection?
And THAT my friends, was the *original* purpose for a TCP SYN flood - it wasn't to DOS the victim, it was to DOS a machine *trusted by* the victim so you could forge a connection and NOT get nailed by an RST. I'm sure that Steve Bellovin can point us at the original discussion of this, which was *ages* ago. I remember hearing that Kevin Mitnick used that (in addition to other tricks) against Shimomura's machines and thinking "Hmm.. so it's *not* just a theoretical attack anymore..."

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech