Government scrutiny is headed our way

Joe Shaw jshaw at insync.net
Sun Jun 21 13:33:39 UTC 1998


On Sun, 21 Jun 1998, Henry Linneweh wrote:

> Now that we have gotten down to the nitty gritty here.
> 
> AGAIN the main mechanism for spoofing the smurf attacks is A program
> called wingate, ban that code and this problem will be cut more than in half.

What does wingate have to do with this?  

Smurf attack is the term used for an ICMP echo based denial of service
attack caused by sending a forged icmp echo request to a broadcast network
address.  The attacker forges the source address of the icmp echo request
to that of his victim, so all ICMP echo replies come back and flood the
victim(s).  

Now, these packets can be hand forged by anyone with a moderate knowledge
of C and root on a UN*X workstation.  Don't fix the symptom, but fix
the reason these attacks work.  Packet authentication is the answer down
the line, but for now it's getting the twonks with their networks open to
fix the problem.  This DoS can also be done with UDP echo, and UDP packets
are much easier to forge/spoof than TCP.

> Next there is a rumor that 8000 users have been infected with a tweaked
> system.exe file that makes that user a smurf amplifier unwittingly. These
> are things to watch for. I wish there was an easier way to break bad news.

I fell out of my chair at that statement.  One user/host cannot be a smurf
amplifier; one network from a /30 and down can with different results.

Joe Shaw - jshaw at insync.net
NetAdmin - Insync Internet Services
Any spelling mistakes and/or grammar errors are due to lack of sleep...

> Henry
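
The amplifier-side check implied by the message above, as an added example that is not part of the original post: it flags ICMP echo requests addressed to the broadcast or network address of a site's own prefixes and estimates the reply volume aimed at the claimed (forged) source. The prefixes, packet records and function names are constructed for illustration, and the worst case assumes every host on the subnet answers broadcast pings.

```python
import ipaddress
from collections import Counter

# Constructed sample: prefixes this site routes (documentation address space).
LOCAL_PREFIXES = ["192.0.2.0/24", "198.51.100.64/26"]

# Constructed sample packet records: (source, destination, ICMP type).
# Type 8 is echo request, type 0 is echo reply.
SAMPLE_PACKETS = [
    ("203.0.113.7", "192.0.2.255", 8),
    ("203.0.113.7", "192.0.2.255", 8),
    ("203.0.113.7", "198.51.100.127", 8),
    ("203.0.113.9", "192.0.2.10", 8),   # ordinary unicast ping
    ("192.0.2.10", "203.0.113.9", 0),   # its reply
    ("203.0.113.7", "192.0.2.0", 8),    # network address, old-style broadcast
]


def broadcast_targets(prefixes):
    """Map each broadcast/network address to (prefix, usable host count)."""
    targets = {}
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix)
        hosts = max(net.num_addresses - 2, 0)  # /31 and /32 amplify nothing
        targets[net.broadcast_address] = (net, hosts)
        targets[net.network_address] = (net, hosts)
    return targets


def find_amplifier_probes(packets, prefixes):
    """Return {claimed_source: (request_count, worst_case_replies)}.

    The claimed source is the forged address, i.e. the likely victim,
    not the real sender. Worst case assumes every host replies.
    """
    targets = broadcast_targets(prefixes)
    requests, replies = Counter(), Counter()
    for src, dst, icmp_type in packets:
        hit = targets.get(ipaddress.ip_address(dst))
        if icmp_type == 8 and hit:
            requests[src] += 1
            replies[src] += hit[1]
    return {src: (requests[src], replies[src]) for src in requests}


if __name__ == "__main__":
    for victim, (reqs, worst) in find_amplifier_probes(
            SAMPLE_PACKETS, LOCAL_PREFIXES).items():
        print(f"{victim}: {reqs} broadcast echo requests, up to {worst} replies")
```

Any source reported here is traffic a border filter should be dropping before it reaches the subnet.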



