Bugtraq mailing list archives
Loaded system no protection.
From: bicknell () ussenterprise async vt edu (Leo Bicknell)
Date: Fri, 27 Jan 1995 16:03:45 -0500 (EST)
Several people have already pointed out to me that a loaded system is no protection from the IP spoofing attack, since a hacker can just wait until the machine is less loaded. I do not consider a loaded system protection, I mearly want to know if it would signifigantly decrease the attackers odds. To date I have heard figures about guessing that all seem to assume you can pretty much gaurantee two sequential connections to a machine. In this case I have seen odds from 1 in 2, up to 1 in 10,000. (Since you also have to get the time interval right, which on a loaded _network_ will be more difficult). It would not surprise me if you had two machines on a single cable, both doing nothing that you could easily get in 1 out of every two tries. At the same time it also seems that if you have a busy machine on a busy network you're closer to the 1 in 10,000 figure, if not (much?) higher. This is important to people who want to try and track this. Say for instance you were to log every packet that goes by (as I'm told some places do). Now, if the attacker has a 1 in 2 chance you might very well be looking for a single packet...a needle in a haystack if you will. If it's a 1 in 10,000 chance an automated system might notice 4-5,000 more or less identical packets comming from somewhere. I by no means want a loaded system to be my security, and that wasn't really what my origional query was about. I'm more interested in how easy this really is to do, and being short of time like most people are I don't want to write a program to do it, and then run 10,000 tests on it to see how many times I get in. I suppose I was hoping someone would have already done this and be able to share some results. -- Leo Bicknell - bicknell () vt edu | Make a little birdhouse bicknell () csugrad cs vt edu | in your soul...... bicknell () ussenterprise async vt edu | They Might http://ussenterprise.async.vt.edu/~bicknell/ | Be Giants
Current thread:
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Dave Mitchell (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jonathan M. Bresler (Jan 26)
- <Possible follow-ups>
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jon Peatfield (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Paul Traina (Jan 26)
- Would an encrypted tunnel solve the SeqNo guessing attack? Bennett Todd (Jan 26)
- Re: Would an encrypted tunnel solve the SeqNo guessing attack? Mark (Jan 26)
- Loaded system no protection. Leo Bicknell (Jan 27)
- Re: Would an encrypted tunnel solve the SeqNo guessing attack? Marc Tamsky (Jan 27)
- Re: Would an encrypted tunnel solve the SeqNo guessing attack? Paul Robinson (Jan 27)
- Very Confused!! Mohamad A Khatoun (Jan 27)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Paul Traina (Jan 26)
- Notes from Tsutomo's Talk Michael B. Dilger (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Pete Shipley (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jon Peatfield (Jan 27)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Aleph One (Jan 31)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Daniel O'Callaghan (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jonathan M. Bresler (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Brian J. Murrell (Jan 26)