nanog mailing list archives
Re: Access to the Internic Blocked
From: Vadim Antonov <avg () quake net>
Date: Thu, 22 Aug 1996 22:22:03 -0700
Curtis Villamizar wrote:

> > Not at all. LSRR is a nice tool to mount a practically untraceable flooding attack (hint -- just forge the source address and spread intermediate points evenly across the network). Shutting you down may be exactly what the attacker wants.
>
> Oh come on. Like they're not going to get caught stuffing an entire T1 with LSRR packets. Face it. You're grabbing at straws.

Ugh. To kill multiple DS-3s you don't even need a full T-1 (you need one LS address for every loop), and you can kill multiple DS-3s and an IXP to boot, with a single stream of bogons routed in a loop with many hops. And there are a lot of big-name U's with DS-3 connectivity and no security whatsoever. Now, throw in a randomized first hop and a forged source address, and I'll wish you good luck catching the perpetrator. A careful attacker would also randomize destinations and make it look like regular TCP traffic. (And did anybody think of IP stacks which reverse the source routes, just to make things funnier?)

> Besides the fact that with your suggestion of traceroute using ICMP echo requests they'd just send a T1's worth of ICMP echo requests with LSRR and accomplish the same thing.

Ok, with only one intermediate point allowed. _That_ should take care of all diagnostic needs.

> LSRR is just too useful for diagnosing network problems to shut down on a backbone.

I sometimes wonder if the threat of hackers is exaggerated. They certainly missed a nice opportunity to crash the Internet with TCP resets on iBGPs. Now nobody cares about the creative potential of LSRR-anonymized denial of service attacks. They must be stupid or something. Should I write a backbone-crasher and post it to USENET just to make a point about LSRRs? Note that a provider which won't shut LSRR will be the threat to others...

--vadim
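The policy argued for in this message (drop source-routed packets at the border, or at most allow a single intermediate point for diagnostics) comes down to parsing the IPv4 option field and counting route entries. The following is an added example, not code from the original thread or from any of the posters: a small classifier that parses IPv4 header options, recognizes the LSRR (type 131) and SSRR (type 137) options from RFC 791, counts the addresses in the route, and returns a pass/drop decision for a configurable hop limit. It also treats a malformed option as a drop rather than letting it through. The `build_ipv4`/`build_lsrr` helpers and all addresses are constructed test input only; a real filter would see packets from the wire.

```python
"""Classify IPv4 packets by source-route option (added example, constructed input)."""
import socket
import struct

IPOPT_EOL, IPOPT_NOP, IPOPT_LSRR, IPOPT_SSRR = 0, 1, 131, 137
SOURCE_ROUTE_OPTS = {IPOPT_LSRR: "LSRR", IPOPT_SSRR: "SSRR"}


def ipv4_checksum(hdr: bytes) -> int:
    """Standard one's-complement sum over 16-bit words (RFC 791)."""
    if len(hdr) % 2:
        hdr += b"\0"
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4(src: str, dst: str, options: bytes = b"", proto: int = 1) -> bytes:
    """Construct a header-only IPv4 packet carrying `options` (test input, not from the page)."""
    options += b"\0" * (-len(options) % 4)          # pad with EOL to a 32-bit boundary
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst)) + options
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_lsrr(hops, pointer: int = 4, opt_type: int = IPOPT_LSRR) -> bytes:
    """Encode a source-route option: type, length, pointer, then the route addresses."""
    body = b"".join(socket.inet_aton(h) for h in hops)
    return bytes([opt_type, 3 + len(body), pointer]) + body


def parse_ipv4_options(packet: bytes):
    """Return [(type, data), ...] for every option in the IPv4 header, validating lengths."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    opts, out, i = packet[20:ihl], [], 0
    while i < len(opts):
        t = opts[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option length byte missing")
        ln = opts[i + 1]
        if ln < 2 or i + ln > len(opts):
            raise ValueError("bad option length")
        out.append((t, opts[i + 2:i + ln]))
        i += ln
    return out


def source_route_info(packet: bytes):
    """Return (kind, route, remaining) for the first LSRR/SSRR option, or None if absent."""
    for t, data in parse_ipv4_options(packet):
        if t not in SOURCE_ROUTE_OPTS:
            continue
        if len(data) < 1 or (len(data) - 1) % 4:
            raise ValueError("malformed source route option")
        pointer = data[0]
        if pointer < 4 or (pointer - 4) % 4:
            raise ValueError("bad source route pointer")
        route = [socket.inet_ntoa(data[1 + k:5 + k]) for k in range(0, len(data) - 1, 4)]
        consumed = min((pointer - 4) // 4, len(route))   # hops already visited
        return SOURCE_ROUTE_OPTS[t], route, route[consumed:]
    return None


def filter_policy(packet: bytes, max_hops: int = 1):
    """Border decision: ('pass'|'drop', reason). max_hops=1 is the 'one intermediate point' policy."""
    try:
        info = source_route_info(packet)
    except ValueError as e:
        return "drop", "malformed: %s" % e
    if info is None:
        return "pass", "no source route option"
    kind, route, remaining = info
    if len(route) > max_hops:
        return "drop", "%s with %d hops exceeds limit %d" % (kind, len(route), max_hops)
    return "pass", "%s with %d hop(s), %d remaining" % (kind, len(route), len(remaining))


def summarize(packets, max_hops: int = 1):
    """Count pass/drop decisions over a batch, as a monitoring counter would."""
    counts = {"pass": 0, "drop": 0}
    for p in packets:
        counts[filter_policy(p, max_hops)[0]] += 1
    return counts


if __name__ == "__main__":
    loop = ["203.0.113.1", "203.0.113.2", "203.0.113.3"]          # constructed addresses
    for p in (build_ipv4("192.0.2.1", "198.51.100.9"),
              build_ipv4("192.0.2.1", "198.51.100.9", build_lsrr(loop[:1])),
              build_ipv4("192.0.2.1", "198.51.100.9", build_lsrr(loop))):
        print(filter_policy(p))
```

The decision counts the total number of route entries rather than only the ones not yet consumed, since a looped packet arriving mid-route still carries its full itinerary and that is what the policy is meant to catch; `remaining` is returned for logging so an operator can see where in the loop the packet was.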