Vulnerability Development mailing list archives
Re: spoofing the ethernet address
From: xm () GEEKMAFIA DYNIP COM (Ex Machina [xm])
Date: Tue, 7 Mar 2000 19:43:59 -0500
On Tue, 7 Mar 2000, Pauli Ojanpera wrote:
AFAIK to achieve a DoS on Ethernet you need nothing but broadcast messages.
Very true. However, we can pretend we're in a switched environment. Let's suppose a theoterical scheme like this does NOT do source verification onboard the processor, but at the OS level. By sending a large amount of spoofed/forged data, we can overwhelm the operating system with tons of computationally expensive identity verification routines. In this theoretical setup, a machine -- assuming it lacked any CPU limits against this type of attack -- could be brought to its knees by a flood of these. This would be a very effective DoS against any sort of protocol that authenticates things this way. What we've come up against here is a serious problem in our security models. How do we confirm the authenticity of a network packet and not leave ourselves vulnerable to resource consumption attacks? Unauthenticated low level protocols are subject to resource consumption attacks such as SYN floods where the server blindly believes all incoming connections to be real. Future protocols that rely on cryptographic methods for authenticating the identity of every incoming connection will be subject to attacks where an attacker will force the victim to perform massively resource-heavy computations. One helpful measure owuld be to impliment the authentication in the network hardware to reduce CPU usage. However, a real solution to this class of attack is needed. (Sorry about the rambling.) Ex Machina (xm () geekmafia dynip com) http://geekmafia.dynip.com/~xm/ phone: 1-877-LPT-WHIP icq: 3387005 aim: ExMachina public.key: finger.me Hire me: Rhode Island Linux BSD UNIX C++ Perl HTML TCP/IP Security
Current thread:
- Re: TCP, (continued)
- Re: TCP Ranieri Argentini (Mar 06)
- [Fwd: Single SignOn] Blue Boar (Mar 06)
- Re: TCP CyberPsychotic (Mar 06)
- callbook in services ? Maurycy Prodeus (Mar 04)
- Re: spoofing the ethernet address Pauli Ojanpera (Mar 02)
- Re: spoofing the ethernet address Seth R Arnold (Mar 05)
- Re: spoofing the ethernet address H D Moore (Mar 05)
- Re: spoofing the ethernet address Ex Machina [xm] (Mar 06)
- Re: spoofing the ethernet address Buhrmaster, Gary (Mar 06)
- Re: spoofing the ethernet address Pauli Ojanpera (Mar 06)
- Re: spoofing the ethernet address Ex Machina [xm] (Mar 07)
- Re: spoofing the ethernet address Dimitrios Petropoulos x9234 Singer / 4 (Mar 08)
- [Q] CORBA, IIOP Simon Tamás (Mar 08)
- Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Mikael Olsson (Mar 09)
- Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Nicolas Justin (Mar 10)
- Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Liviu Daia (Mar 10)
- MS Frontpage shtml.dll Path Leak Vulnerability Greg (Mar 12)
- NT 4.0 (Workstation) Logon Authentication Vulnerability jhw1970 () HOTMAIL COM (Mar 14)
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Phil Cox (Mar 14)
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Maxime Rousseau (Mar 15)
- Re: spoofing the ethernet address Ex Machina [xm] (Mar 07)
- Re: MS Frontpage shtml.dll Path Leak Vulnerability Marc (Mar 14)