Vulnerability Development mailing list archives

Re: DoS Local machines


From: xm () GEEKMAFIA DYNIP COM (Jonathan Williams)
Date: Sun, 7 May 2000 22:56:10 -0400


Or you could have a firewall drop all packets from that ip.

Networking stacks can be patched.

Ex Machina (xm () geekmafia dynip com)    http://geekmafia.dynip.com/~xm/
phone:  1-877-LPT-WHIP         icq:  3387005           aim:  ExMachina
GnuPG Keyprint:     0627 C3A8 DE25 F7FB 46BD  4870 2006 CF7F EBDA 949D

On Sun, 7 May 2000, Jason wrote:

Date: Sun, 7 May 2000 22:29:00 -0500
From: Jason <jottwell () OPENRECORDS ORG>
To: VULN-DEV () SECURITYFOCUS COM
Subject: DoS Local machines

Hello all,

I am a network admin that is willing to take the next step in preventing
machines from attacking other machines on my network.  Let's say that IDS
such as LIDS detects an attack, I am planning on an offensive attack upon
the attacker (provided that the 'attacker' is an ip not coming from
outside of my router). I have control of over 2500 machines in several
cities and I can't look at an ip and then walk over to the box and work
with the machine.  With this said, I have control over the 2500 machines,
but I do not have admin access to every machine and security holes are
abundant. What I'm working on is a way to stop one machine from attacking
another on my network.  We have 9x, NT, linux, solaris, and AIX machines
on the network.  The AIX machines I'm not *as* worried about as I have
complete control over these boxes.  Here is a list of DoS's for the OS's
listed above that I know about:

9x - OOB, malformed packets, (choose your nuke)
NT - pretty much same as 9x
linux - nestea, land

Arp cache poisoning, and icmp redirects are attacks that I'm working with
so far.

Yes I know I can browse my way through about 50 DoS's on packetstorm,
rootshell (what's happening with these guys), hack.co.za, etc.  What I'm
looking for is more along the lines of arp cache poisoning, icmp
redirects, etc that do not freeze the entire machine but only stop the
network stack.  Then a more drastic approach if that doesn't work.
Any help in this thought process would be greatly appreciated.

Jason


