Counter DoS

Rachael Treu rara at navigo.com
Thu Mar 11 21:59:41 UTC 2004


On Thu, Mar 11, 2004 at 04:10:04PM -0500, Deepak Jain said something to the effect of:
> 
> If you wanted to do that, wouldn't the firewall just need 
> directed-broadcast left open or emulate similar behavior, or even 
> turning ip unreachables back on?

Exactly my point in using the word "amplifier" earlier.  No special config
or sploit-du-jour required.  The play-by-play below is even more complicated
than the process.
> 
> Flooding pipes accidentally is easy enough. Now people are selling 
> products to do it deliberately.

They'll be sorry.
> 
> Yeesh.
> 
> I saw a license plate this week (Virginia -IWTFM) I thought that was clever.

Nice.  :D
> 
-- 
k. rachael treu, CISSP       rara at navigo.com 
..quis custodiet ipsos custodes?..

> Deepak
> 
> Gregory Taylor wrote:
> 
> >
> >
> >Yes, let's allow the kiddies who already get away with as little work as 
> >they can in order to produce the most destruction they can, the ability 
> >to use these 'Security Systems' as a new tool for DoS attacks against 
> >their enemies.
> >
> >Scenario:
> >
> >Let's say my name is: l33th4x0r
> >
> >I want to attack joeblow.cable.com because joeblow666 was upset that I 
> >called his mother various inappropriate names.
> >
> >I find IP for joeblow.cable.com to be 192.168.69.69
> >
> >I find one of these 'security' systems, or multiple security systems, 
> >and I decide to forge a TCP attack from 192.168.69.69 to these 'security 
> >systems'.
> >
> >These 'security systems' then, thinking joeblow is attacking their 
> >network, will launch a retaliatory attack against the offender, 
> >192.168.69.69 thus destroying his connectivity.
> >
> >Kiddie 1   Joeblow 0    The Internet as a whole 0
> >
> >
> >Greg
> >
> >Rachael Treu wrote:
> >
> >>Mmm.  A firewall that lands you immediately in hot water with your
> >>ISP and possibly in a courtroom, yourself.  Hot.
> >>
> >>Legality aside...
> >>
> >>I don't imagine it would be too hard to filter these retaliatory
> >>packets, either.  I expect that this would be more wad-blowing
> >>than cataclysm after the initial throes, made all the more ridiculous
> >>by the nefarious realizing the new attack mechanism created by these 
> >>absurd boxen.  A new point of failure and an amplifier rolled all
> >>into one!  Joy!
> >>
> >>More buffoonery contributed to the miasma.  Nice waste of time,
> >>Symbiot.  Thanks for the pollution, and shame on the dubious ZDnet
> >>for perpetuating this garbage.
> >>
> >>ymmv,
> >>--ra
> >>
> >> 
> >>
> >
> >
> >
> >