Re: security requirement for multi6
On 11-nov-03, at 18:26, Masataka Ohta wrote:
Prevention of connection hijack against a temporary MITM
is not a requirement, at all.
The attack vector here would be that an attacker opens a TCP session to a
third party relay host and requests a large amount of data. When the
data starts flowing, the attacker sends a false rehoming message that
makes the relay host redirect the flow to the target. Then the attacker
sends spoofed TCP ACKs that make the relay host keep sending data at
The victim will start sending back TCP RSTs to get the relay host to
stop sending data, but even if the relay host immediately stops
sending, the attacker was able to generate abusive traffic for a round
trip time. We're probably not talking megabits worth of data, but it
would be enough to choke a limited bandwidth host.
Also, the fake ACKs will probably make the RSTs fall outside the
allowed window so they're ignored, so the attack doesn't stop
regardless of RSTs.