Government scrutiny is headed our way

Joe Shaw jshaw at insync.net
Mon Jun 22 04:24:47 UTC 1998


On Sun, 21 Jun 1998, Brett Frankenberger wrote:

> > I fell out of my chair at that statement.  One user/host cannot be a smurf
> > amplifier; one network from a /30 and down can with different results.
> 
> If I modify my kernel to generate 100 ECHO REPLYs for each ICMP ECHO I
> receive, how is my PC significantly different than a /24 behind a
> router that doesn't have "no ip directed-broadcast" (or its
> equivalent) configured, with 100 devices on it that all respond to ICMP
> ECHOs addressed to the broadcast address?

Point noted.

Damn, I get stuck every time I use a blanket statement like that.  True,
in your case it could be possible, but modifying the kernel of a
workstation to behave like that would be somewhat foolish since it
would be easily tracked back to that workstation's IP address by the
traffic log most clued admins would put in place when they found they
were under attack.  If someone is capable of modifying the kernel of a 
machine that doesn't belong to them, then smurf is the least of their
worries;  they've got a compromise to deal with.  And I think in the case
you've presented, it would be easy to point back to the compromised host,
not that it would do you any good if the people responsible wouldn't act
on the problem.

> I'm not saying that I believe this rumor (or even that I've heard it
> before now), nor am I saying that the rumor has as much thought behind
> it as my previous paragraph does, nor am I saying that if you were
> going to implement such a thing on a Windows machine that you would
> implement it in system.exe.  (I'm not even saying that system.exe
> exists.)

Hehe... Plausible (sp?) deniability? :)

> But I am saying that such a thing is technically feasible.  And I am
> saying that there are people out there who are not above writing a
> virus that facilitates the use of other people's machines in DOS
> attacks.

Agreed.  I think to be more accurate, I should say that an instance like
that hasn't presented itself yet.  But, it's entirely possible someone
with half a clue might be able to do it on a Windows box, and it's
certainly possible on various UN*X platforms.  The question is, would
someone with that kind of skill be willing to do something with those kind
of implications?  If they are capable of that then a smurf attack is
somewhat trivial.  

However, I think we're getting off topic for the list, but I'd be more
than happy to continue this discussion off-list.

>           - Brett  (brettf at netcom.com)

Regards,
Joe Shaw - jshaw at insync.net
NetAdmin - Insync Internet Services
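
Added example, not part of the original message: a victim-side traffic log summarised by source, contrasting the two cases discussed above (one host sending 100 echo replies versus 100 hosts on a /24 sending one each). The log records, the addresses (documentation ranges) and the 50-reply threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY = 0  # ICMP type 0

def build_sample_log():
    """Constructed victim-side log: one (source IP, ICMP type) per packet received."""
    log = []
    # Case A: a single modified host emitting 100 replies.
    log += [("192.0.2.10", ECHO_REPLY)] * 100
    # Case B: 100 hosts on one /24, each answering a directed broadcast once.
    log += [(f"198.51.100.{h}", ECHO_REPLY) for h in range(1, 101)]
    # Background: a few ordinary replies from an unrelated host.
    log += [("203.0.113.5", ECHO_REPLY)] * 3
    return log

def summarize(log, prefix_len=24):
    """Group echo replies by source prefix and count packets per source address."""
    per_prefix = defaultdict(lambda: defaultdict(int))
    for src, icmp_type in log:
        if icmp_type != ECHO_REPLY:
            continue
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        per_prefix[str(net)][src] += 1
    return per_prefix

def classify(per_prefix, min_replies=50):
    """Label prefixes whose reply volume reaches min_replies (assumed threshold)."""
    findings = {}
    for net, sources in per_prefix.items():
        total = sum(sources.values())
        if total < min_replies:
            continue  # ordinary background traffic
        if len(sources) == 1:
            # All replies trace back to one address: the host to report.
            findings[net] = ("single-host", next(iter(sources)), total)
        else:
            # Many responders in one prefix: report the network's operator.
            findings[net] = ("many-hosts", None, total)
    return findings

if __name__ == "__main__":
    for net, (kind, src, total) in classify(summarize(build_sample_log())).items():
        print(net, kind, src or "-", total)
```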



