nanog mailing list archives
Re: [nsp] known networks for broadcast ping attacks
From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Wed, 30 Jul 1997 16:44:15 -0400
On Wed, Jul 30, 1997 at 03:47:26PM -0400, Jordyn A. Buchanan wrote:
The LAN is being used indirectly to attack another network. Pings are spoofed as originating from the machine that is being attacked and sent to the broadcast address on another network. This causes every machine on the receiving network to send an ECHO_RESPONSE to the machine being attacked, esentially creating a huge multiplying effect on a ping flood attack. Apparently, the MAE-East LAN is one of the networks that attackers are using to flood other hosts.
Time to attempt to put my other foot in my mouth. Ought IP stack implementations not to refuse to reply to ECHO_REQUEST packets with destination address which are broadcast addresses? Ok, yes, I know that CIDR makes this harder, but knowing which nets fall on non-octet boundaries is non-obvious, too, and this particular attack wasn't trying... .255 is _always_ a broadcast address, no? Cheers, -- jra -- Jay R. Ashworth jra () baylink com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "People propose, science studies, technology Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592
Current thread:
- known networks for broadcast ping attacks Edward Henigin (Jul 30)
- Re: known networks for broadcast ping attacks J.D. Falk (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Alex.Bligh (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Paul Ferguson (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Netstat Webmaster (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jordyn A. Buchanan (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Michael Shields (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Jon Lewis (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Joe Rhett (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Alex.Bligh (Jul 31)
- Re: [nsp] known networks for broadcast ping attacks Netstat Webmaster (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks root (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)