nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New Denial of Service Attack on Panix\

From: Tim Bass <bass () linux silkroad com>
Date: Thu, 3 Oct 1996 03:57:42 -0400 (EDT)

Nevermind the 'clear the sockets thing' I just attack an inetd
port and then kill inetd and they go away, which allows me to
work faster in the lab.


I guess my real question to someone who is more familiar with
'RFC' history is the same as the last post...

Why when an attacked host sends a SYN,ACK to an UNREACHABLE
destination does the SYN,ACK just go down a black hole
without an ICMP message to the originator, when I use
0.0.0.4 as a spoofed address?

Shouldn't this be covered in an RFC somewhere as something
that must happen?  

The reason I ask is obvious.... if I could get the error message
I could have tcp_err() do some quick and dirty cleaning of
the queue (and at least have a piece of this puzzle in place..)


Thanks,

Tim

- - - - - - - - - - - - - - - - -
Previous By Date Next
Previous By Thread Next

Current thread: