Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Counter DoS

  • From: Rachael Treu
  • Date: Thu Mar 11 16:23:35 2004

On Thu, Mar 11, 2004 at 04:10:04PM -0500, Deepak Jain said something to the effect of:
> 
> If you wanted to do that, wouldn't the firewall just need 
> directed-broadcast left open or emulate similar behavior, or even 
> turning ip unreachables back on?

Exactly my point in using the word "amplifier" earlier.  No special config
or sploit-du-jour required.  The play-by-play below is even more complicated
than the process.
> 
> Flooding pipes accidentally is easy enough. Now people are selling 
> products to do it deliberately.

They'll be sorry.
> 
> Yeesh.
> 
> I saw a license plate this week (Virginia -IWTFM) I thought that was clever.

Nice.  :D
> 
-- 
k. rachael treu, CISSP       rara@navigo.com 
..quis costodiet ipsos custodes?..

> Deepak
> 
> Gregory Taylor wrote:
> 
> >
> >
> >Yes, lets allow the kiddies who already get away with as little work as 
> >they can in order to produce the most destruction they can, the ability 
> >to use these 'Security Systems' as a new tool for DoS attacks against 
> >their enemies.
> >
> >Scenerio:
> >
> >Lets say my name is: l33th4x0r
> >
> >I want to attack  joeblow.cable.com because joeblow666 was upset that I 
> >called his mother various inappropriate names.
> >
> >I find IP for joeblow.cable.com to be 192.168.69.69
> >
> >I find one of these 'security' systems, or multiple security systems, 
> >and i decide to forge a TCP attack from 192.168.69.69 to these 'security 
> >systems'.
> >
> >These 'security systems' then, thinking joeblow is attacking their 
> >network, will launch a retaliatory attack against the offender, 
> >192.168.69.69 thus destroying his connectivity.
> >
> >Kiddie 1   Joeblow 0    The Internet as a whole 0
> >
> >
> >Greg
> >
> >Rachael Treu wrote:
> >
> >>Mmm.  A firewall that lands you immediately in hot water with your
> >>ISP and possibly in a courtroom, yourself.  Hot.
> >>
> >>Legality aside...
> >>
> >>I don't imagine it would be too hard to filter these retaliatory
> >>packets, either.  I expect that this would be more wad-blowing
> >>than cataclysm after the initial throes, made all the more ridiculous
> >>by the nefarious realizing the new attack mechanism created by these 
> >>absurd boxen.  A new point of failure and an amplifier rolled all
> >>into one!  Joy!
> >>
> >>More buffoonery contributed to the miasma.  Nice waste of time,
> >>Symbiot.  Thanks for the pollution, and shame on the dubious ZDnet
> >>for perpetuating this garbage.
> >>
> >>ymmv,
> >>--ra
> >>
> >> 
> >>
> >
> >
> >
> >






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.