Re: New Denial of Service Attack on Panix\

[Matt Zimmerman <mdz () netrail net>]

[CC: list rigorously trimmed]
On Thu, 3 Oct 1996, Tim Bass wrote:

> Why when an attacked host sends a SYN,ACK to an UNREACHABLE
> destination does the SYN,ACK just go down a black hole
> without an ICMP message to the originator, when I use
> 0.0.0.4 as a spoofed address?
>
> Shouldn't this be covered in an RFC somewhere as something
> that must happen?  

RFC792:

      If, according to the information in the gateway's routing tables,
      the network specified in the internet destination field of a
      datagram is unreachable, e.g., the distance to the network is
      infinity, the gateway may send a destination unreachable message
      to the internet source host of the datagram.  In addition, in some
      networks, the gateway may be able to determine if the internet
      destination host is unreachable.  Gateways in these networks may
      send destination unreachable messages to the source host when the
      destination host is unreachable.

ICMP unreachable messages are optional in any case, but there seems to be
a singularity about 0/8.  Does anyone know why this is?

Try using a different bogus source address...

--
// Matt Zimmerman       Chief of System Management           NetRail, Inc.
// mdz () netrail net                                       sales () netrail net
// (703) 524-4800 [voice]    (703) 516-0500 [data]    (703) 534-5033 [fax]

- - - - - - - - - - - - - - - - -