nanog mailing list archives
Re: Counter DoS
From: Rachael Treu <rara () navigo com>
Date: Thu, 11 Mar 2004 15:59:41 -0600
On Thu, Mar 11, 2004 at 04:10:04PM -0500, Deepak Jain said something to the effect of:
If you wanted to do that, wouldn't the firewall just need directed-broadcast left open or emulate similar behavior, or even turning ip unreachables back on?
Exactly my point in using the word "amplifier" earlier. No special config or sploit-du-jour required. The play-by-play below is even more complicated than the process.
Flooding pipes accidentally is easy enough. Now people are selling products to do it deliberately.
They'll be sorry.
Yeesh. I saw a license plate this week (Virginia -IWTFM) I thought that was clever.
Nice. :D
--
k. rachael treu, CISSP
rara () navigo com
..quis custodiet ipsos custodes?..
Deepak

Gregory Taylor wrote:
Yes, let's allow the kiddies, who already get away with as little work as they can in order to produce the most destruction they can, the ability to use these 'Security Systems' as a new tool for DoS attacks against their enemies.

Scenario: Let's say my name is: l33th4x0r

I want to attack joeblow.cable.com because joeblow666 was upset that I called his mother various inappropriate names.

I find the IP for joeblow.cable.com to be 192.168.69.69

I find one of these 'security' systems, or multiple security systems, and I decide to forge a TCP attack from 192.168.69.69 to these 'security systems'.

These 'security systems' then, thinking joeblow is attacking their network, will launch a retaliatory attack against the offender, 192.168.69.69, thus destroying his connectivity.

Kiddie 1
Joeblow 0
The Internet as a whole 0

Greg

Rachael Treu wrote:
Mmm. A firewall that lands you immediately in hot water with your ISP and possibly in a courtroom, yourself. Hot.

Legality aside... I don't imagine it would be too hard to filter these retaliatory packets, either. I expect that this would be more wad-blowing than cataclysm after the initial throes, made all the more ridiculous by the nefarious realizing the new attack mechanism created by these absurd boxen. A new point of failure and an amplifier rolled all into one! Joy!

More buffoonery contributed to the miasma. Nice waste of time, Symbiot. Thanks for the pollution, and shame on the dubious ZDnet for perpetuating this garbage.

ymmv,
--ra
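As an added illustration (not from the thread, nor from any product it discusses), the "amplifier" argument above modelled in Python: a few retaliating 'security systems', a forged source address pointing at the victim from the scenario, and the two things that break the loop, a box that only drops instead of retaliating, and ingress filtering (BCP 38 / RFC 2827) at the attacker's own edge. The box addresses and the attacker's prefix are constructed values.

```python
"""Model of forged-source retaliation: why a 'counter DoS' box is an amplifier."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

VICTIM = ip_address("192.168.69.69")                       # joeblow, as in the thread
ATTACKER_PREFIX = ip_network("10.20.0.0/16")                # constructed: attacker's ISP prefix
BOXES = [ip_address(f"203.0.113.{i}") for i in (1, 2, 3)]  # constructed: retaliating boxes


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


def retaliate(box: IPv4Address, pkt: Packet, factor: int) -> list[Packet]:
    """'Counter DoS' policy: flood whatever source address appeared to attack the box."""
    return [Packet(box, pkt.src)] * factor


def drop_only(box: IPv4Address, pkt: Packet, factor: int) -> list[Packet]:
    """Conventional policy: block the offending flow and emit nothing."""
    return []


def bcp38_permits(pkt: Packet, edge_prefix: IPv4Network) -> bool:
    """Ingress filtering (RFC 2827): an edge forwards only sources inside its own prefix."""
    return pkt.src in edge_prefix


def simulate(forged_per_box: int, factor: int, policy, ingress_filtering: bool) -> Counter:
    """Packets received per destination when the attacker forges VICTIM as the source."""
    forged = [Packet(VICTIM, box) for box in BOXES for _ in range(forged_per_box)]
    if ingress_filtering:
        forged = [p for p in forged if bcp38_permits(p, ATTACKER_PREFIX)]
    received: Counter = Counter()
    for pkt in forged:
        received[pkt.dst] += 1                  # the box sees one forged probe
        for reply in policy(pkt.dst, pkt, factor):
            received[reply.dst] += 1            # the victim absorbs every retaliation packet
    return received


if __name__ == "__main__":
    runs = [("retaliate", retaliate, False), ("retaliate + BCP38", retaliate, True),
            ("drop only", drop_only, False)]
    for name, policy, filtered in runs:
        r = simulate(10, 20, policy, filtered)
        print(f"{name:18s} victim got {r[VICTIM]:4d} packets; boxes saw {sum(r[b] for b in BOXES)}")
```

With three boxes each answering ten forged probes twenty-fold, the victim receives 600 packets for ten the attacker sent per box; either mitigation brings that to zero.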