[nsp] known networks for broadcast ping attacks
Jay R. Ashworth
jra at scfn.thpl.lib.fl.us
Wed Jul 30 20:44:15 UTC 1997
On Wed, Jul 30, 1997 at 03:47:26PM -0400, Jordyn A. Buchanan wrote:
> The LAN is being used indirectly to attack another network. Pings are
> spoofed as originating from the machine that is being attacked and sent to
> the broadcast address on another network. This causes every machine on the
> receiving network to send an ECHO_RESPONSE to the machine being attacked,
> esentially creating a huge multiplying effect on a ping flood attack.
>
> Apparently, the MAE-East LAN is one of the networks that attackers are
> using to flood other hosts.
Time to attempt to put my other foot in my mouth.
Ought IP stack implementations not to refuse to reply to ECHO_REQUEST
packets with destination address which are broadcast addresses?
Ok, yes, I know that CIDR makes this harder, but knowing which nets
fall on non-octet boundaries is non-obvious, too, and this particular
attack wasn't trying...
.255 is _always_ a broadcast address, no?
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "People propose, science studies, technology
Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592
More information about the NANOG
mailing list