Author Topic: some "hacking" stuff, some ideas, and some discussion would be nice (Read 2026 times)

reaper · « **on:** March 26, 2007, 06:38:10 PM »

i'm no hacker, but i've always been fascinated with hacking in general. i think i might have a really "good" idea. today i was reading a major networking companies product review, and they claim their router/switch is immune to syn floods. i'll digress first, i'd like to share my conception that would prove this company wrong.

the reason i think this is important, is most dos attacks require so much more data to cause a dos than a syn flood. to cause a dos situation, you simply have to flood a connection (which requires massive traffic) or exploit a service (which should be patched). the syn flood was so potent, because for a time, with relativly few packets you could dos any host with a tcp stack. now there are high speed home connections, so if this attack worked, it would be very potent. i think i (someone else) can make it work!

syn floods worked because you can change your source ip, you just don't get the data back. you send tcp/syn packets with numerous source ip's, and there is a fininte space allocated for these half open connections. the finite space is their for a reason; however tcp stacks, now, circumvent this issue. they do not accept more than three half open connections from the same ip (the windows box i tested on anyways), and they will randomly drop half open connections once the allocated buffer gets high. since the stack is randomly dropping half open connections, there is still free resources for valid connection attempts (that won't be dropped because they'll get back to the source). so how do i think you can make a working lethal syn flood program.

well, hack an isp (near the target networks), install packet capture software, and send the sequence number back to the real source, and the source can send a syn/ack. i know this sounds a little crazy, but if someone did this, couldn't it really cause major dos attacks. especially if you hit major routers and things. but there's two things i'm not sure about.

how would you stop the isp's from tracing you back port by port to the offending pc, even though it is spoofing addresses?
and i'm assuming a tcp stack still has issues, even if the connections arenn't half open