Vulnerability Development mailing list archives

Re: Daemonic


From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Mon, 28 Aug 2000 16:31:20 -0400


> Are you sure?  This wasn't working on port 179 until I added htons()
> to the lines where you set the ports (under Linux).  It looks like your
> code just floods packets with no actual BGP messages inside, I'm not
> sure how this is supposed to mangle a session.


Well I've re-written it twice so the version on my site is the latest one. Again this was sent in as theory based, on 
the notion if neighborA flooded neighborB, neighborB would in turn disconnect the neighbor state somewhere down the 
line. Please don't reply with filtering stuff since I'm aware of it and if it were even implemented as much there 
would be no DoS attacks or smurfs would there ;O

I've read the RFCs so as stated it is theory based which goes along with the paper I'm writing called theories in dos 
which takes a look at router based attacks as opposed to host based attacks.

I've tried it on two Linux machines running Zebra which is a router emulator and unfortunately I don't think I could 
find someone to allow me to tamper with their live routers.


> Did you try this on a real router?


See above...

www.antioffline.com/TID/ Theories in DoS
www.antioffline.com/daemonic.c


Please excuse me for being a bit ticked off for this comment but isn't this a vulnerabilities testing list?

Please take some time to re-read a post/slice of code/something and see if there is something along the lines of 
DEVELOPMENT, or something that says "Hey this is only a test, if this had been a real emergency you would have been 
instructed to head for the nearest bomb shelter and scream."

So I snip to my original header now -->

/*
This theorized DoS is based on the presumption that routers who flood their neighbors will be ignored therefore killing 
the connection. I plan on tweaking up something to send BGP error code 6's as NEIGHBOR(spoofed) --> NEIGHBOR to see 
whether or not that would break connectivity.

*/

Sorry for that outburst but I received too many messages with the same stuff... "Hey I can't get it to work", "hOw Do I 
cOmpIle", etc, etc.

I'm sure I'm not the only one here with resources to test this out one whether it's a router, another machine running 
router emulation, etc. You be the judge of your own net/netsecurity testing.

J. Oquendo
