nanog mailing list archives
Re: [nsp] known networks for broadcast ping attacks
From: Systems Engineer <snash () lightning net>
Date: Wed, 30 Jul 1997 17:21:12 -0400
Well I happen to know the writer of "smurf.c" and he is really pissed at how his exploit for this attack has been passed around like candy, then again, he gave it out publically on the IRC. This bug is exactly like the one that "pepsi.c" exploited. Little kids will have their fun with it, realize that it is dumb and that people are patching themselves against it, and it will die. In the meantime , I did understand how it works, just explained it a little off :). Netstat Webmaster wrote:
On Wed, 30 Jul 1997, Systems Engineer wrote:Actually people are making it seem that the entire MAE is sendingyou anecho. No one is mounting an attack from there, they are justmaking itlook like it is coming from there.Well thats not entirely true. In effect the victim is indeed being 'attacked' by MAE machines on that network. Look at it like this: evil.com -> generates packet with forged address as (victim.com(icmp_echo)) -> destination for spoofed packet (25 .255 broadcast addresses).From here... all 25 network's broadcast address pass the icmp withthe forged address on to all machines using that network. Each machine then replies as: xxx.xxx.xxx.255 abused.net.com (echo_reply) -> victim.com abused2.net.com (echo_reply) -> victim.com yyy.yyy.yyy.255 abused3.othernet.com (echo_reply) -> victim.com abused4.othernet.com (echo_reply) -> victim.com [...etc...] Its a rather obnoxious attack, and its not exactly new. Though I do think that it will get much worse now that smurf.c has been written and is being passed around like candy. The real problem I see with this particular attack is that there is nothing short of blocking all ICMPs that 'victim.com' can do. At least not that I am aware of. Regards, Tripp webmaster@http://www.netstat.net
-- --- --- --- --- --- --- --- --- --- Steven Nash ph: (516)248-8400ext25 Systems Engineer / Network Security fax: (516)248-8897 Lightning Internet Services LLC email: snash () lightning net http://www.lightning.net --- --- --- --- --- --- --- --- ---
Current thread:
- Re: [nsp] known networks for broadcast ping attacks, (continued)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Jordyn A. Buchanan (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Michael Shields (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Jon Lewis (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Joe Rhett (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Alex.Bligh (Jul 31)
- Re: [nsp] known networks for broadcast ping attacks Netstat Webmaster (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks root (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks root (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)