Multipacket three way handshake

Tod Beardsley over at BreakingPoint Labs has identified a rarely recognized section of RFC 793 (the simultaneous-open case of connection establishment) that allows you to deviate from the normal three-way handshake. Rather than doing
A ----syn-----> B
A <---synack--- B
A ----ack-----> B

which is the "normal" three-way handshake, you can instead do:
A ----syn-----> B
A <---syn------ B
A ----synack--> B
A <---ack------ B
Here B answers A's SYN with a bare SYN instead of a SYN/ACK, so from that point on both hosts proceed as RFC 793 says they should for a simultaneous open: A, which is in SYN-SENT and receives a SYN, replies with a SYN/ACK, and B completes the exchange with an ACK. The result is that the SYN/ACK travels from client to server rather than the other way round. Because many stateful firewalls and intrusion detection or prevention devices only model the textbook SYN, SYN/ACK, ACK sequence, this change in direction could allow you to bypass them, and it may also change the SYN-flood or spoofing landscape. He has successfully tested this against the major operating systems. If you run stateful middleboxes, it is worth checking whether they still track a connection that was opened this way.
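To make the difference concrete, here is an added example (written for this page; it is not code from the BreakingPoint post or from Tod Beardsley) that simulates both exchanges with a minimal RFC 793 endpoint state machine and then replays them past two hypothetical stateful trackers. The `Endpoint`, `NaiveTracker` and `RfcAwareTracker` classes, the host names `A` and `B`, and the initial sequence numbers are all assumptions made for the illustration. The naive tracker only knows the textbook order and loses the split handshake even though both endpoints reach ESTABLISHED; the RFC-aware tracker keys on "each side sent a SYN and saw it acknowledged" and tracks both.

```python
"""Added example: textbook vs. split handshake, and what a stateful tracker sees."""
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10                        # TCP flag bits as in the header
FLAG_NAME = {SYN: "SYN", ACK: "ACK", SYN | ACK: "SYN|ACK"}


@dataclass(frozen=True)
class Segment:              # just the fields the handshake cares about
    src: str
    dst: str
    flags: int
    seq: int
    ack: int = 0


class Endpoint:
    """Hypothetical RFC 793 state machine, handshake states only."""

    def __init__(self, name, isn, split=False):
        self.name, self.isn, self.split, self.state = name, isn, split, "CLOSED"

    def passive_open(self):
        self.state = "LISTEN"

    def active_open(self, peer):
        self.state = "SYN_SENT"
        return Segment(self.name, peer, SYN, self.isn)

    def receive(self, seg):
        """Process one segment and return the reply segment, or None."""
        if self.state == "LISTEN" and seg.flags == SYN:
            if self.split:          # the deviation: answer with a bare SYN
                self.state = "SYN_SENT"
                return Segment(self.name, seg.src, SYN, self.isn)
            self.state = "SYN_RCVD"
            return Segment(self.name, seg.src, SYN | ACK, self.isn, seg.seq + 1)
        if self.state == "SYN_SENT" and seg.flags == SYN:
            # RFC 793 simultaneous open: SYN without ACK while in SYN-SENT
            self.state = "SYN_RCVD"
            return Segment(self.name, seg.src, SYN | ACK, self.isn, seg.seq + 1)
        if self.state == "SYN_SENT" and seg.flags == SYN | ACK and seg.ack == self.isn + 1:
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, ACK, self.isn + 1, seg.seq + 1)
        if self.state == "SYN_RCVD" and seg.flags == ACK and seg.ack == self.isn + 1:
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"{self.name} in {self.state} got {FLAG_NAME.get(seg.flags)}")


def run_handshake(split, isn_a=1000, isn_b=5000):
    """A actively opens to listening B; return (segments on the wire, A, B)."""
    a, b = Endpoint("A", isn_a), Endpoint("B", isn_b, split=split)
    b.passive_open()
    seg, trace = a.active_open("B"), []
    while seg is not None:
        trace.append(seg)
        seg = (b if seg.dst == "B" else a).receive(seg)
    return trace, a, b


class NaiveTracker:
    """Middlebox model that only accepts client SYN, server SYN|ACK, client ACK."""
    EXPECT = {"NEW": ("client", SYN, "SYN_SEEN"),
              "SYN_SEEN": ("server", SYN | ACK, "SYNACK_SEEN"),
              "SYNACK_SEEN": ("client", ACK, "ESTABLISHED")}

    def __init__(self, client, server):
        self.role = {client: "client", server: "server"}
        self.state, self.unexpected = "NEW", []

    def inspect(self, seg):
        if self.state == "ESTABLISHED":
            return True
        who, flags, nxt = self.EXPECT[self.state]
        if self.role[seg.src] == who and seg.flags == flags:
            self.state = nxt
            return True
        self.unexpected.append(seg)          # does not fit the model; stays stuck
        return False


class RfcAwareTracker:
    """Established once each side has sent a SYN and had it acknowledged,
    whichever direction the SYN|ACK travelled (covers simultaneous open)."""

    def __init__(self):
        self.isn, self.syn_acked = {}, {}

    def inspect(self, seg):
        if seg.flags & SYN:
            self.isn.setdefault(seg.src, seg.seq)
        if seg.flags & ACK and seg.dst in self.isn and seg.ack == self.isn[seg.dst] + 1:
            self.syn_acked[seg.dst] = True
        return self.established()

    def established(self):
        return len(self.isn) == 2 and all(self.syn_acked.get(h) for h in self.isn)


def demo(split):
    """Run one exchange and report what endpoints and both trackers concluded."""
    trace, a, b = run_handshake(split)
    naive, aware = NaiveTracker("A", "B"), RfcAwareTracker()
    for seg in trace:
        naive.inspect(seg)
        aware.inspect(seg)
    return {"flags": [FLAG_NAME[s.flags] for s in trace],
            "endpoints": (a.state, b.state),
            "naive": naive.state, "naive_unexpected": len(naive.unexpected),
            "rfc_aware": aware.established()}


if __name__ == "__main__":
    for mode in (False, True):
        print("split" if mode else "normal", demo(mode))
```

Running it shows the normal exchange as SYN, SYN|ACK, ACK with every observer agreeing it is established, while the split exchange is SYN, SYN, SYN|ACK, ACK: both endpoints are ESTABLISHED, the RFC-aware tracker agrees, but the naive tracker is stuck in SYN_SEEN with three segments it could not classify. That gap between the endpoints' view and the device's view is the whole point of the technique.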

Read the full post, containing packet captures and more at http://www.breakingpointsystems.com/community/blog/tcp-portals-the-three-way-handshake-is-a-lie
This weblog is licensed under a Creative Commons License.