Vulnerability Development mailing list archives

Re: spoofing the ethernet address


From: xm () GEEKMAFIA DYNIP COM (Ex Machina [xm])
Date: Tue, 7 Mar 2000 19:43:59 -0500


On Tue, 7 Mar 2000, Pauli Ojanpera wrote:

> AFAIK to achieve a DoS on Ethernet you need nothing but broadcast
> messages.

Very true. However, we can pretend we're in a switched environment. Let's
suppose a theoretical scheme like this does NOT do source verification
onboard the processor, but at the OS level. By sending a large amount of
spoofed/forged data, we can overwhelm the operating system with tons of
computationally expensive identity verification routines. In this
theoretical setup, a machine -- assuming it lacked any CPU limits against
this type of attack -- could be brought to its knees by a flood of
these. This would be a very effective DoS against any sort of protocol that
authenticates things this way.

What we've come up against here is a serious problem in our security
models. How do we confirm the authenticity of a network packet and not
leave ourselves vulnerable to resource consumption
attacks? Unauthenticated low level protocols are subject to resource
consumption attacks such as SYN floods where the server blindly believes
all incoming connections to be real. Future protocols that rely on
cryptographic methods for authenticating the identity of every incoming
connection will be subject to attacks where an attacker will force the
victim to perform massively resource-heavy computations.

One helpful measure would be to implement the authentication in the
network hardware to reduce CPU usage. However, a real solution to this
class of attack is needed.

(Sorry about the rambling.)

Ex Machina (xm () geekmafia dynip com)     http://geekmafia.dynip.com/~xm/
phone: 1-877-LPT-WHIP icq: 3387005 aim: ExMachina public.key: finger.me
Hire me: Rhode Island Linux BSD UNIX C++ Perl HTML TCP/IP Security
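
Added example, not part of the original message: a small simulation of the cost asymmetry described above, counting how many expensive verifications a receiver performs under a flood of forged packets, with and without a cheap stateless cookie check in front of the costly step. The cookie gate is an assumption chosen for illustration, not something the post proposes; PBKDF2 stands in for the expensive identity verification, and all names and addresses are constructed.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)  # per-boot server secret (constructed for this example)
ITERATIONS = 2000        # PBKDF2 stands in for a costly identity check (assumption)
SALT = b"demo-salt"

def make_cookie(src_addr):
    """Cheap, stateless token bound to the claimed source address."""
    return hmac.new(SECRET, src_addr.encode(), hashlib.sha256).digest()

class Receiver:
    def __init__(self, credential, require_cookie):
        self.expected = hashlib.pbkdf2_hmac("sha256", credential, SALT, ITERATIONS)
        self.require_cookie = require_cookie
        self.expensive_calls = 0

    def handle(self, src_addr, cookie, credential):
        if self.require_cookie:
            # One HMAC per packet; no state is kept for unanswered challenges.
            if not hmac.compare_digest(cookie or b"", make_cookie(src_addr)):
                return "challenge"  # reply would carry make_cookie(src_addr)
        self.expensive_calls += 1
        derived = hashlib.pbkdf2_hmac("sha256", credential, SALT, ITERATIONS)
        return "accept" if hmac.compare_digest(derived, self.expected) else "reject"

def simulate(require_cookie, forged=50):
    """Return (expensive verifications performed, result for the real peer)."""
    cred = b"real-credential"
    rx = Receiver(cred, require_cookie)
    for i in range(forged):
        # Constructed forged traffic: made-up sources that never see a reply.
        rx.handle(f"02:00:00:00:00:{i:02x}", None, os.urandom(16))
    peer = "02:aa:bb:cc:dd:ee"
    result = rx.handle(peer, None, cred)
    if result == "challenge":
        # The real peer receives the challenge at its address and echoes it.
        result = rx.handle(peer, make_cookie(peer), cred)
    return rx.expensive_calls, result

if __name__ == "__main__":
    print("no cookie  :", simulate(False))
    print("with cookie:", simulate(True))
```

The gate only filters senders that cannot receive the challenge at the address they claim; a sender that can complete the round trip still reaches the expensive step and has to be limited per address.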

