Full Disclosure mailing list archives
Re: ICMP-based blind performance-degrading attack
From: Chad Loder <fulldisc () loder us>
Date: Wed, 20 Jul 2005 22:19:55 -0700
Darren Reed wrote:
Ok, so you really think this is new... Go look in the bugtraq archives for 8 July 2001 and you might find an email like the one below. THere was a thread on this topic then.
Darren, you're totally off-base. That bugtraq thread talks about
TCP-based attacks on host performance. You can just firewall the
attacker's packets. Even ipf can do that somewhat reliably.
The blind ICMP attacks are totally different. Did you even read
the draft? Maybe you'd find the CanSecWest presentation easier
to comprehend since it's broken down into short slides with
bulleted lists.
Since OpenBSD implemented fixes for the ICMP attacks, I've seen quite
a few people complaining on the lists about how they thought of all
this stuff years ago. That's getting really boring. A more interesting
conversation would be: what are other operating systems doing to fix
their stacks?
--Chad
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- ICMP-based blind performance-degrading attack Fernando Gont (Jul 20)
- Re: ICMP-based blind performance-degrading attack Darren Reed (Jul 20)
- Re: ICMP-based blind performance-degrading attack Fernando Gont (Jul 20)
- <Possible follow-ups>
- Re: ICMP-based blind performance-degrading attack Chad Loder (Jul 20)
- Re: ICMP-based blind performance-degrading attack Darren Reed (Jul 20)