New Denial of Service Attack on Panix\
Tim Bass
bass at linux.silkroad.com
Thu Oct 3 07:57:42 UTC 1996
Nevermind the 'clear the sockets thing' I just attack an inetd
port and then kill inetd and they go away, which allows me to
work faster in the lab.
I guess my real question to someone who is more familiar with
'RFC' history is the same as the last post...
Why when an attacked host sends a SYN,ACK to an UNREACHABLE
destination does the SYN,ACK just go down a black hole
without an ICMP message to the originator, when I use
0.0.0.4 as a spoofed address?
Shouldn't this be covered in an RFC somewhere as something
that must happen?
The reason I ask is obvious.... if I could get the error message
I could have tcp_err() do some quick and dirty cleaning of
the queue (and at least have a piece of this puzzle in place..)
Thanks,
Tim
More information about the NANOG
mailing list