Counter DoS
Rachael Treu
rara at navigo.com
Thu Mar 11 21:59:41 UTC 2004
On Thu, Mar 11, 2004 at 04:10:04PM -0500, Deepak Jain said something to the effect of:
>
> If you wanted to do that, wouldn't the firewall just need
> directed-broadcast left open or emulate similar behavior, or even
> turning ip unreachables back on?
Exactly my point in using the word "amplifier" earlier. No special config
or sploit-du-jour required. The play-by-play below is even more complicated
than the process.
>
> Flooding pipes accidentally is easy enough. Now people are selling
> products to do it deliberately.
They'll be sorry.
>
> Yeesh.
>
> I saw a license plate this week (Virginia -IWTFM) I thought that was clever.
Nice. :D
>
--
k. rachael treu, CISSP rara at navigo.com
..quis costodiet ipsos custodes?..
> Deepak
>
> Gregory Taylor wrote:
>
> >
> >
> >Yes, let's allow the kiddies who already get away with as little work as
> >they can in order to produce the most destruction they can, the ability
> >to use these 'Security Systems' as a new tool for DoS attacks against
> >their enemies.
> >
> >Scenario:
> >
> >Let's say my name is: l33th4x0r
> >
> >I want to attack joeblow.cable.com because joeblow666 was upset that I
> >called his mother various inappropriate names.
> >
> >I find IP for joeblow.cable.com to be 192.168.69.69
> >
> >I find one of these 'security' systems, or multiple security systems,
> >and I decide to forge a TCP attack from 192.168.69.69 to these 'security
> >systems'.
> >
> >These 'security systems' then, thinking joeblow is attacking their
> >network, will launch a retaliatory attack against the offender,
> >192.168.69.69 thus destroying his connectivity.
> >
> >Kiddie 1 Joeblow 0 The Internet as a whole 0
> >
> >
> >Greg
> >
> >Rachael Treu wrote:
> >
> >>Mmm. A firewall that lands you immediately in hot water with your
> >>ISP and possibly in a courtroom, yourself. Hot.
> >>
> >>Legality aside...
> >>
> >>I don't imagine it would be too hard to filter these retaliatory
> >>packets, either. I expect that this would be more wad-blowing
> >>than cataclysm after the initial throes, made all the more ridiculous
> >>by the nefarious realizing the new attack mechanism created by these
> >>absurd boxen. A new point of failure and an amplifier rolled all
> >>into one! Joy!
> >>
> >>More buffoonery contributed to the miasma. Nice waste of time,
> >>Symbiot. Thanks for the pollution, and shame on the dubious ZDnet
> >>for perpetuating this garbage.
> >>
> >>ymmv,
> >>--ra
> >>
> >>
> >>
> >
> >
> >
> >