Firewall Wizards mailing list archives
Re: Blitzkrieg Server -- For Real?!
From: tqbf () secnet com
Date: Tue, 12 May 1998 00:21:53 -0500 (CDT)
source IP addresses. Unless _every_ router from the attacker keeps a complete traffic log, _including_ the port/line from which a particular packet was received, it is not possible to trace such a spoof back after the fact. (It is extremely hard to do _while_ it is happening; compare to
This is not (specifically, in point of technical fact) true. It is possible for a cooperating path of routers to trace back IP traffic without logging all of it; I would not expect reasonably reliable (in terms of ratio of successful traces to failures) to be difficult to implement if the world agreed on a protocol to do so.

Protocols that allow routers to cooperatively trace back IP packets are already in development. In order to implement something like this, all you would need would be some appropriately sized cache of (address, interface) tuples. Within some window of time, it would be possible to query the router for the physical interface (or, more likely, the next-hop back) associated with any given packet received from it.

There are already Perl scripts that (very crudely) force chains of routers to "cooperate" using their enable passwords and debugging interfaces.

I'm just posting this to clear up any misunderstandings that anyone might have received about how feasible it is to trace IP traffic; I don't think we know enough about the subject to say conclusively whether it's feasible. However, the assumption that persistent logging would be required to do it probably isn't true.

Of course, this has no bearing whatsoever on that idiotic press announcement about the "Blitzkrieg" server. No real commercial organizations with brains enough to retain an attorney would be dumb enough to design and produce software that launched counterattacks.

-----------------------------------------------------------------------------
Thomas H. Ptacek
Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf
"If you're so special, why aren't you dead?"
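The bounded, time-windowed cache of (address, interface) tuples and the next-hop-back query described in the message above, as an added example that is not part of the original post and not any router's real interface. The class names, cache capacity, window length, topology and addresses are all constructed assumptions.

```python
from collections import OrderedDict

class IngressCache:
    """Bounded cache of (claimed source address, ingress interface) tuples."""
    def __init__(self, capacity=4, window=30.0):
        self.capacity, self.window = capacity, window
        self.seen = OrderedDict()              # (src, iface) -> last-seen time

    def record(self, src, iface, now):
        self.seen.pop((src, iface), None)      # re-insert so order tracks recency
        self.seen[(src, iface)] = now
        while len(self.seen) > self.capacity:
            self.seen.popitem(last=False)      # evict the oldest tuple

    def query(self, src, now):
        """Interfaces on which `src` arrived within the time window."""
        return sorted(i for (s, i), t in self.seen.items()
                      if s == src and now - t <= self.window)

class Router:
    def __init__(self, name, upstream):
        self.name, self.cache = name, IngressCache()
        self.upstream = upstream               # iface -> neighbour Router, None = edge port

def trace_back(router, src, now, max_hops=32):
    """Follow next-hop-back from the victim-side router; return (path, status)."""
    path = []
    for _ in range(max_hops):
        ifaces = router.cache.query(src, now)
        if len(ifaces) != 1:                   # nothing cached, or seen on several ports
            return path, "expired" if not ifaces else "ambiguous"
        path.append((router.name, ifaces[0]))
        router = router.upstream.get(ifaces[0])
        if router is None:
            return path, "edge"                # reached the port the traffic entered on
    return path, "hop-limit"

def build_chain():
    """Constructed topology: edge r1 -> r2 -> r3 (victim side), one spoofed flow."""
    r1 = Router("r1", {"eth2": None})
    r2 = Router("r2", {"s0": r1})
    r3 = Router("r3", {"s1": r2})
    for t, (r, iface) in enumerate([(r1, "eth2"), (r2, "s0"), (r3, "s1")], start=1):
        r.cache.record("10.9.9.9", iface, now=t)   # claimed (spoofed) source
    return r1, r2, r3

if __name__ == "__main__":
    print(trace_back(build_chain()[2], "10.9.9.9", now=10))
```

The trace succeeds only while every hop still holds the tuple: once the window passes or a busy router evicts the entry, the walk stops at that hop with a partial path.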