GrapheneOS on Nostr: The naive approach to enforcing TCP connection limits starts with the initial SYN ...
The naive approach to enforcing TCP connection limits starts with the initial SYN packet. An attacker can leverage this to their advantage with a spoofed SYN packet flood to fill the connection limit tracking tables to bypass them or block all new connections if you fail closed.
Published at 2024-04-16 15:02:41
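The failure mode described in the post, as a toy model added here (not code from GrapheneOS or from the original post; no packets are sent). The table size, the per-source limit and the addresses are constructed, and counting a connection only once the handshake completes is this example's assumed contrast to the naive approach: a spoofed source never receives the SYN-ACK, so it cannot get that far.

```python
from dataclasses import dataclass, field

@dataclass
class ConnLimiter:
    capacity: int        # maximum number of source addresses the table can hold
    per_source: int      # connections allowed per source address
    count_on_syn: bool   # True: naive, count from the first SYN; False: count after the handshake
    fail_closed: bool    # what to do with an untracked source when the table is full
    table: dict = field(default_factory=dict)

    def observe(self, src, established):
        """Verdict for one event: 'pass' (not counted here), 'allow', 'deny' or 'untracked'."""
        counted_here = (not established) if self.count_on_syn else established
        if not counted_here:
            return "pass"
        if src not in self.table and len(self.table) >= self.capacity:
            return "deny" if self.fail_closed else "untracked"
        if self.table.get(src, 0) >= self.per_source:
            return "deny"
        self.table[src] = self.table.get(src, 0) + 1
        return "allow"

def client_connect(lim, src):
    """A real client sends a SYN and then completes the handshake."""
    at_syn = lim.observe(src, established=False)
    if at_syn == "deny":
        return "deny"
    at_ack = lim.observe(src, established=True)
    return at_syn if at_ack == "pass" else at_ack

def simulate(count_on_syn, fail_closed, spoofed=1000):
    lim = ConnLimiter(capacity=256, per_source=2,
                      count_on_syn=count_on_syn, fail_closed=fail_closed)
    # Constructed flood: forged sources send a SYN and never finish the handshake.
    for i in range(spoofed):
        lim.observe(f"198.18.{i // 256}.{i % 256}", established=False)
    # Constructed legitimate client opening five connections.
    verdicts = [client_connect(lim, "192.0.2.10") for _ in range(5)]
    return verdicts, len(lim.table)

if __name__ == "__main__":
    for naive, closed in [(True, True), (True, False), (False, True)]:
        print(f"count_on_syn={naive} fail_closed={closed}:", simulate(naive, closed))
```

With SYN-time counting the client is either locked out (fail closed) or never counted against its limit (fail open); with handshake-time counting the flood leaves the table empty and the limit of two still applies.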