Counter DoS
Deepak Jain
deepak at ai.net
Thu Mar 11 21:10:04 UTC 2004

If you wanted to do that, wouldn't the firewall just need
directed-broadcast left open or emulate similar behavior, or even
turning ip unreachables back on?

Flooding pipes accidentally is easy enough. Now people are selling
products to do it deliberately.

Yeesh.

I saw a license plate this week (Virginia -IWTFM) I thought that was clever.

Deepak

Gregory Taylor wrote:
>
>
> Yes, let's allow the kiddies who already get away with as little work as
> they can in order to produce the most destruction they can, the ability
> to use these 'Security Systems' as a new tool for DoS attacks against
> their enemies.
>
> Scenario:
>
> Let's say my name is: l33th4x0r
>
> I want to attack joeblow.cable.com because joeblow666 was upset that I
> called his mother various inappropriate names.
>
> I find IP for joeblow.cable.com to be 192.168.69.69
>
> I find one of these 'security' systems, or multiple security systems,
> and I decide to forge a TCP attack from 192.168.69.69 to these 'security
> systems'.
>
> These 'security systems' then, thinking joeblow is attacking their
> network, will launch a retaliatory attack against the offender,
> 192.168.69.69 thus destroying his connectivity.
>
> Kiddie 1 Joeblow 0 The Internet as a whole 0
>
>
> Greg
>
> Rachael Treu wrote:
>
>> Mmm. A firewall that lands you immediately in hot water with your
>> ISP and possibly in a courtroom, yourself. Hot.
>>
>> Legality aside...
>>
>> I don't imagine it would be too hard to filter these retaliatory
>> packets, either. I expect that this would be more wad-blowing
>> than cataclysm after the initial throes, made all the more ridiculous
>> by the nefarious realizing the new attack mechanism created by these
>> absurd boxen. A new point of failure and an amplifier rolled all
>> into one! Joy!
>>
>> More buffoonery contributed to the miasma. Nice waste of time,
>> Symbiot. Thanks for the pollution, and shame on the dubious ZDnet
>> for perpetuating this garbage.
>>
>> ymmv,
>> --ra
>>