Vulnerability Development mailing list archives
Re: Daemonic
From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Mon, 28 Aug 2000 16:31:20 -0400
Are you sure? This wasn't working on port 179 until I added htons() to the lines where you set the ports (under Linux). It looks like your code just floods packets with no actual BGP messages inside, I'm not sure how this is supposed to mangle a session.
Well I've re-written it twice so the version on my site is the latest one. Again this was sent in as theory based, on the notion if neighborA flooded neighborB, neighborB would in turn disconnect the neighbor state somewhere down the line. Please don't reply with filtering stuff since I'm aware of it and if it were even implemeneted as much there would be no DoS attacks or smurfs would there ;O I've read the RFC's so as stated it is theory based which goes along with the paper I'm writing called theories in dos which takes a look at router based attacks as opposed to host based attacks. I've tried it on two Linux machines running Zebra which is a router emulator and unfortunately I don't think I could find someone to allow me to tamper with their live routers.
Did you try this on a real router?
See above... www.antioffline.com/TID/ Theories in DoS www.antioffline.com/daemonic.c Please excuse me for being a bit ticked off for this comment but isnt this a vulnerabilities testing list? Please take some time to re-read a post/slice of code/something and see if there is something along the lines of DEVELOPMENT, or something that says "Hey this only a test, if this had been a real emergency you would have been instructed to head for the nearest bomb shelter and scream." So I snip to my original header now --> /* This theorized DoS is based on the presumption that routers who flood their neighbors will be ignored therefore killing the connection. I plan on tweakning up something to send BGP error code 6's as NEIGHBOR(spoofed) --> NEIGHBOR to see whether or not that would break connectivity. */ Sorry for that outburst but I received too many messages with the same stuff... "Hey I can't get it to work", "hOw Do I cOmpIle", etc, etc. I'm sure I'm not the only one here with resources to test this out one whether its a router, another machine running router emulation, etc. You be the judge of your own net/netsecurity testing. J. Oquendo ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup
Current thread:
- Daemonic J. Oquendo (Aug 24)
- <Possible follow-ups>
- Re: Daemonic J. Oquendo (Aug 28)
- Re: Daemonic Ron DuFresne (Aug 28)