Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Using unallocated address space - for DoS?

  • From: Sean Donelan
  • Date: Wed Feb 14 20:21:03 2001

On Wed, 14 February 2001, "Miguel A.L. Paraz" wrote:
> On Wed, Feb 14, 2001 at 09:21:32AM -0500, Steven M. Bellovin wrote:
> > You don't have to break into the "right" router; you just have to start 
> > announcing the networks in a way that your peers don't -- can't -- 
> > detect is improper.
> I did not mean that the network operator was malicious.  I meant, in the same
> way that vulnerable servers are broken into and used for DoS, can routers
> be broken into and do DoS via blackholes?  I think it is hard unless you 
> know the right combination of vulnerable router (sniffable LAN?) and
> unprotected upstream or peer.

Once again, you don't need to break into someone else's routers.  This
isn't an exploit list, so I'm not going to post a cookbook on how to do
it.  But due to the limited protection in some networks, it remains a
relatively simple attack or accident waiting to happen.

Why break into a bank, when you can push a button on the side of the
building and money comes out.  Unlike a cash machine, where you need
to know at least a PIN in addition to some working bank account number,
you can wipe out almost any IP address you don't like with essentially
no authentication.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.