New Denial of Service Attack on Panix

• Previous message (by thread): New Denial of Service Attack on Panix
• Next message (by thread): New Denial of Service Attack on Panix
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Nevermind.....

I've been working on the non-random attack first.... I 
apologize for wasting everyones time when the approach
below does nothing for the random() attack.

Staying up too late in the lab, I guess.

Best Regards,

Tim

> 
> 
> Hi.
> 
> I've been testing the SYN attack on with 'the patch'
> with no success of stopping the attack so far with the 
> patch (right now, without the patch it is DoA and with the
> patch, the attack panics the kernel :.... but this is more-than
> likely an implementation issue that will be solved.
> 
> However, I was thinking (dangerous, admittedly) that since
> the success of the attack is based on using an UNREACHABLE
> source address and the host under attack attempts to
> ACK/SYN with the bogus attacker wouldn't it be easier to:
> 
> Just have either (1) a listening daemon; (2) or an internal
> flag in the kernel, (3) or some other better IPC, to notify
> TCP, or better yet, IP to say:  "Hey, there is a lot of
> HOST UNREACHABLES going on here, and I don't like it"
> algorithm to either (a) just filter the IP packets
> at in the kernel IP code, (best IMO) (b) or do it
> in the TCP code?
> 
> This seems simple, so I must be missing something in this!
> 
> Because, it seems to me, since the way to exploit TCP
> is to use bogus, unreachable IP sources, why not use
> this fact to let the kernal just filter itself under
> certain flooding conditions?
> 
> Please let me know why this will not work.
> 
> Thanks,
> 
> Tim
> 
> 
> 

• Previous message (by thread): New Denial of Service Attack on Panix
• Next message (by thread): New Denial of Service Attack on Panix
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]