North American Network Operators Group
Re: Using unallocated address space - for DoS?
- From: Sean Donelan
- Date: Wed Feb 14 20:21:03 2001
On Wed, 14 February 2001, "Miguel A.L. Paraz" wrote:
> On Wed, Feb 14, 2001 at 09:21:32AM -0500, Steven M. Bellovin wrote:
> > You don't have to break into the "right" router; you just have to start
> > announcing the networks in a way that your peers don't -- can't --
> > detect is improper.
>
> I did not mean that the network operator was malicious. I meant, in the same
> way that vulnerable servers are broken into and used for DoS, can routers
> be broken into and do DoS via blackholes? I think it is hard unless you
> know the right combination of vulnerable router (sniffable LAN?) and
> unprotected upstream or peer.

Once again, you don't need to break into someone else's routers. This
isn't an exploit list, so I'm not going to post a cookbook on how to do
it. But due to the limited protection in some networks, it remains a
relatively simple attack or accident waiting to happen.

Why break into a bank, when you can push a button on the side of the
building and money comes out? Unlike a cash machine, where you need
to know at least a PIN in addition to some working bank account number,
you can wipe out almost any IP address you don't like with essentially
no authentication.