Full Disclosure mailing list archives
Re: ICMP-based blind performance-degrading attack
From: Chad Loder <fulldisc () loder us>
Date: Wed, 20 Jul 2005 22:19:55 -0700
Darren Reed wrote:
Ok, so you really think this is new... Go look in the bugtraq archives for 8 July 2001 and you might find an email like the one below. THere was a thread on this topic then.
Darren, you're totally off-base. That bugtraq thread talks about TCP-based attacks on host performance. You can just firewall the attacker's packets. Even ipf can do that somewhat reliably. The blind ICMP attacks are totally different. Did you even read the draft? Maybe you'd find the CanSecWest presentation easier to comprehend since it's broken down into short slides with bulleted lists. Since OpenBSD implemented fixes for the ICMP attacks, I've seen quite a few people complaining on the lists about how they thought of all this stuff years ago. That's getting really boring. A more interesting conversation would be: what are other operating systems doing to fix their stacks? --Chad _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- ICMP-based blind performance-degrading attack Fernando Gont (Jul 20)
- Re: ICMP-based blind performance-degrading attack Darren Reed (Jul 20)
- Re: ICMP-based blind performance-degrading attack Fernando Gont (Jul 20)
- <Possible follow-ups>
- Re: ICMP-based blind performance-degrading attack Chad Loder (Jul 20)
- Re: ICMP-based blind performance-degrading attack Darren Reed (Jul 20)