New Denial of Service Attack on Panix
Dima Volodin
dvv at sprint.net
Wed Oct 2 21:32:52 UTC 1996
Tim Bass writes:
>
> [...]
>
> Because, it seems to me, since the way to exploit TCP
> is to use bogus, unreachable IP sources, why not use
> this fact to let the kernal just filter itself under
> certain flooding conditions?
>
> Please let me know why this will not work.
>
> Thanks,
It will, except that a slight modification of the attack (using IP
addresses that _don't_ produce ICMP_UNREACH) will get us back to square
one.
Anyway, filtering packets with SRC addresses known to generate
ICMP_UNREACH at the earliest possible stage might be a good idea.
> Tim
Dima
More information about the NANOG
mailing list