New Denial of Service Attack on Panix\

Tim Bass bass at linux.silkroad.com
Thu Oct 3 07:57:42 UTC 1996


Nevermind the 'clear the sockets thing' I just attack an inetd
port and then kill inetd and they go away, which allows me to
work faster in the lab.


I guess my real question to someone who is more familiar with
'RFC' history is the same as the last post...

Why when an attacked host sends a SYN,ACK to an UNREACHABLE
destination does the SYN,ACK just go down a black hole
without an ICMP message to the originator, when I use
0.0.0.4 as a spoofed address?

Shouldn't this be covered in an RFC somewhere as something
that must happen?  

The reason I ask is obvious.... if I could get the error message
I could have tcp_err() do some quick and dirty cleaning of
the queue (and at least have a piece of this puzzle in place..)


Thanks,

Tim






More information about the NANOG mailing list