New Denial of Service Attack on Panix
Bill Sommerfeld
sommerfeld at apollo.hp.com
Tue Sep 17 03:55:19 UTC 1996
(2) Using documented stochastic methods, look for the hidden
pattern in the pseudo-random sequences. There are computer
programs to do this, sorry, I would have to do a search to
find one (the exist, however);
Watch out for this step, it's a doozey.
The attacker could be using a non-cryptographic random number
generator (like rand() or random()), but if he had a clue, he would be
using a cryptographic random number generator based on DES, IDEA, RC4,
etc., to generate the random bitstream to fill the headers.
He could also be using /dev/random on late-model linux systems which
would probably be even harder to reverse-engineer.
- Bill
More information about the NANOG
mailing list