Talk:Resource attack

	Main Article	Discussion	Related Articles  [?]	Bibliography  [?]	External Links  [?]	Citable Version  [?]
	To learn how to update the categories for this article, see here. To update categories, edit the metadata template.  Definition:  Malware that overwhelms processing, memory, or network resources of a computer system by sending large numbers requests that appear legitimate, but at a high rate or in some manner crafted to make resources unavailable [d] [e] Checklist and Archives  Workgroup category:  Computers [Categories OK]  Subgroup category:  Security  Talk Archive:  none  English language variant:  American English Unused subpages  Unused subpages:  - Bibliography - External Links - Works - Discography - Filmography - Catalogs - Timelines - Gallery - Audio - Video - Code - Tutorials - Student Level - Signed Articles - Function - Addendum - Debate Guide - Advanced - Recipes - Citable Version

SYNs and ACKs

The description here of which messages have which flags set is different from what I thought it was. Checking the CERT document linked, their description is different from both. Sandy Harris 15:16, 25 June 2010 (UTC)

OK, while the page looks OK to me, let me describe, from wetware memory of lots of protocol analyzer traces. There are nuances for connection collision that probably aren't relevant.

Originator sends SYN with proposed send sequence number and credit

Receiver sends SYN-ACK with proposed received sequence number if connection accepted; silent if rejecting connection

Originator confirms three-way handshake with SYN-ACK and updated bidirectional sequence numbers.

In a SYN-FLOOD, attacker repeats the first message but never the third.

--Howard C. Berkowitz 15:34, 25 June 2010 (UTC)

Page says sequence is SYN SYN SYN-ACK You say SYN SYN-ACK SYN-ACK and CERT give SYN SYN-ACK ACK. I'm almost certain CERT would be correct. Sandy Harris 15:57, 25 June 2010 (UTC)

What does the RFC say? If we're going to these levels, the state machine is also going to be looking at the sequence numbers. We'll take the TCP RFC over CERT. I may have misspoken and it is closer to SYN SYN SYN-ACK, but with sequence number constraints on the second step.Howard C. Berkowitz 16:50, 25 June 2010 (UTC)