Vulnerability Development mailing list archives

Re: Daemonic


From: Ron DuFresne <dufresne () WINTERNET COM>
Date: Mon, 28 Aug 2000 18:20:13 -0500

Still, he was correct, it did not send and/or receive on port 179, it used
a number of pretty high, 3,000 range ports to send and receive on.  We
played with it here briefly and found the code to be off from what was
stated.

Thanks,

Ron DuFresne

On Mon, 28 Aug 2000, J. Oquendo wrote:


Are you sure?  This wasn't working on port 179 until I added htons()
to the lines where you set the ports (under Linux).  It looks like your
code just floods packets with no actual BGP messages inside, I'm not
sure how this is supposed to mangle a session.


Well I've re-written it twice so the version on my site is the latest one. Again this was sent in as theory based, on 
the notion if neighborA flooded neighborB, neighborB would in turn disconnect the neighbor state somewhere down the 
line. Please don't reply with filtering stuff since I'm aware of it and if it were even implemented as much there 
would be no DoS attacks or smurfs would there ;O

I've read the RFCs so as stated it is theory based which goes along with the paper I'm writing called theories in 
dos which takes a look at router based attacks as opposed to host based attacks.

I've tried it on two Linux machines running Zebra which is a router emulator and unfortunately I don't think I could 
find someone to allow me to tamper with their live routers.


Did you try this on a real router?


See above...

www.antioffline.com/TID/ Theories in DoS
www.antioffline.com/daemonic.c


Please excuse me for being a bit ticked off for this comment but isn't this a vulnerabilities testing list?

Please take some time to re-read a post/slice of code/something and see if there is something along the lines of 
DEVELOPMENT, or something that says "Hey this is only a test, if this had been a real emergency you would have been 
instructed to head for the nearest bomb shelter and scream."

So I snip to my original header now -->

/*
This theorized DoS is based on the presumption that routers who flood their neighbors will be ignored therefore 
killing the connection. I plan on tweaking up something to send BGP error code 6's as NEIGHBOR(spoofed) --> NEIGHBOR 
to see whether or not that would break connectivity.

*/

Sorry for that outburst but I received too many messages with the same stuff... "Hey I can't get it to work", "hOw Do 
I cOmpIle", etc, etc.

I'm sure I'm not the only one here with resources to test this out on, whether it's a router, another machine running 
router emulation, etc. You be the judge of your own net/netsecurity testing.

J. Oquendo



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
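
The thread turns on whether traffic aimed at port 179 carries actual BGP messages or only filler, and mentions NOTIFICATION error code 6. The following is an added example, not part of the original posts and not taken from daemonic.c: a triage check that splits a TCP payload into BGP messages using the RFC 4271 header layout and labels it. The function names, labels and sample payloads are assumptions constructed for illustration.

```python
import struct

MARKER = b"\xff" * 16   # RFC 4271 header marker: 16 bytes of all ones
HEADER_LEN = 19         # marker(16) + length(2) + type(1)
MAX_LEN = 4096          # largest message RFC 4271 allows
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
CEASE = 6               # NOTIFICATION error code 6 (Cease)

def parse_bgp_stream(payload: bytes):
    """Return (messages, bad_offset); bad_offset is None if all bytes parsed."""
    messages, off = [], 0
    while off < len(payload):
        if len(payload) - off < HEADER_LEN:
            return messages, off
        marker, length, mtype = struct.unpack_from("!16sHB", payload, off)
        if marker != MARKER or not HEADER_LEN <= length <= MAX_LEN:
            return messages, off
        if mtype not in TYPES or off + length > len(payload):
            return messages, off
        body = payload[off + HEADER_LEN:off + length]
        msg = {"type": TYPES[mtype], "length": length}
        if mtype == 3:
            if len(body) < 2:      # NOTIFICATION needs code + subcode
                return messages, off
            msg["error_code"], msg["error_subcode"] = body[0], body[1]
        messages.append(msg)
        off += length
    return messages, None

def classify(payload: bytes) -> str:
    """Triage label for a TCP payload seen on port 179."""
    if not payload:
        return "empty"
    messages, bad_offset = parse_bgp_stream(payload)
    if bad_offset is not None:
        return "non-bgp-data"
    if any(m.get("error_code") == CEASE for m in messages):
        return "notification-cease"
    return "bgp"

# Constructed sample payloads (not captured traffic).
KEEPALIVE = MARKER + struct.pack("!HB", 19, 4)
CEASE_NOTIFICATION = MARKER + struct.pack("!HBBB", 21, 3, CEASE, 0)
FILLER = b"A" * 64

if __name__ == "__main__":
    for name, p in [("keepalive", KEEPALIVE), ("cease", CEASE_NOTIFICATION), ("filler", FILLER)]:
        print(name, classify(p))
```

A monitor on a BGP speaker's uplink could count "non-bgp-data" and "notification-cease" results per source address to separate filler floods from well-formed session teardown messages.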

