[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSL search attack
>
> I see nothing wrong with the concept of being allocated an initial chunk
> and having the scan software attempt to ACK it when 50% of it has been
> searched. A successful ACK would allow the releasing of a new chunk (in
> response) equal in size to the returned chunk. A failure of the Server to
> accept the ACK would trigger a retry at set intervals (such as 75% and 100%
> or 60/70/80/90/100%) until the Server responds. Thus the scanner is always
> in possession of a Full Sized Chuck to scan (so long as the Server accepts
> an ACK before the 100% done mark) and temporary failures will not stop the
> process of a scanner as currently happens.
>
The only way this can work is if the server is told it is a 50%/75%/etc
size ACK, and then latter the server is ACKed for the full 100%.
Why? Because what happens if the client dies immediately after doing
the ACK - maybe only 51% of that space has been searched, yet
the server has already seen an ACK for it.
IMO - a % ACK is to much complexity and extra work on the server,
which is already having trouble keeping up.
Dan
------------------------------------------------------------------
Dan Oelke Alcatel Network Systems
[email protected] Richardson, TX