Denial of service attacks apparently from UUNET Netblocks
karl at mcs.net
Tue Oct 7 11:52:20 UTC 1997
No. This was a transmission of 1K packets and was not in the style of any
previously-seen attack that I'm aware of. Its a new thing.
There was no attempt to SYN flood, or hit broadcast addresses, or use
source-routing. All of that is protected against fairly well here. This
was a simple "the machines are on a 10Mbps pipe, so hit them with 30Mbps of
traffic and flood their NIC ports to the point that they're useless".
Karl Denninger (karl at MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service
| NEW! K56Flex modem support is now available
Voice: [+1 312 803-MCS1 x219]| 56kbps DIGITAL ISDN DOV on analog lines!
Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
On Tue, Oct 07, 1997 at 07:01:34AM -0400, Dan Foster wrote:
> Hot Diggety! Doug Davis was rumored to have said...
> > 19:56:56.854432 snap 0:0:0:8:0 126.96.36.199.1900 > 188.8.131.52.57039: S 674719801:674719801(0) win 65535 (ttl 21, id 13333)
> > 19:56:56.854432 snap 0:0:0:8:0 184.108.40.206.1900 > 220.127.116.11.57040: S 674719801:674719801(0) win 65535 (ttl 21, id 13334)
> > 19:56:56.854432 snap 0:0:0:8:0 18.104.22.168.1900 > 22.214.171.124.57041: S 674719801:674719801(0) win 65535 (ttl 21, id 13335)
> > 19:56:56.855409 snap 0:0:0:8:0 126.96.36.199.1900 > 188.8.131.52.57042: S 674719801:674719801(0) win 65535 (ttl 21, id 13336)
> Ouch...painful. A whole lot of SYNs with forged source address, eh? Hmm...
> interesting. Karl, if I might ask - did your attack originate from any specific
> port, like 1900 as is listed here?
> I'm just curious since I'd like to get a rough idea if there's some program
> other than smurf.c out there that makes use of a specific port by default,
> or if this is just a one time occurence by a few separate idiots.
> And as usual, thanks for the heads up from folks on NANOG.
> -Dan Foster
> Frontier Internet
> Internet: dsf at frontiernet.net
More information about the NANOG