New Denial of Service Attack on Panix

Dima Volodin dvv at sprint.net
Wed Oct 2 21:32:52 UTC 1996


Tim Bass writes:
> 
> [...]
> 
> Because, it seems to me, since the way to exploit TCP
> is to use bogus, unreachable IP sources, why not use
> this fact to let the kernal just filter itself under
> certain flooding conditions?
> 
> Please let me know why this will not work.
> 
> Thanks,

It will, except that a slight modification of the attack (using IP
addresses that _don't_ produce ICMP_UNREACH) will get us back to square
one.

Anyway, filtering packets with SRC addresses known to generate
ICMP_UNREACH at the earliest possible stage might be a good idea.

> Tim

Dima





More information about the NANOG mailing list