Vulnerability Development mailing list archives
Re: Networking theories
From: Matthew.King () CWO NET AU (Matthew King)
Date: Sat, 6 May 2000 09:21:19 +1000
Hi.

I am not sure how easy something like this would be to put into practice. Source Quench packets contain the first 64 bytes of the original datagram's data. You would have to obtain this information somehow, perhaps via sniffing. If I am wrong, please let me know. As far as I can tell, this would be the limiting factor to using this as a type of DoS.

Cya
Matthew

-----Original Message-----
From: Jesus Oquendo [mailto:intrusion () ENGINEER COM]
Sent: Friday, 5 May 2000 8:09 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Networking theories

While this is not a vuln-dev I figured I would post it since it is security related. Apologies for the spammage if this has been addressed before.

Theories:

If source quench packets were sent as a spoofed host, and sent to a destination in which someone were trying to slow down traffic as a form of Denial of Service attack would it work?

victim.org(spoofed) ---> ICMP(source-quench) ---> router.victim.org

Someone wants to slow down victim.org so would sending source quenches to victim.org's router claiming to be victim.org stating slow down any traffic coming to victim.org slow it down?

What about poisoning ARP addresses on a network... If packets were sent to a network from an attacker who somehow gained MAC addresses, or would that network's router be able to filter out that type of traffic from coming in validly? If so then via the access list of protocol type? Or if the router was not properly configured to determine that these ARPs are valid would it add these new changes that the attacker is sending as valid routing information and update its routing table addresses and or perhaps damage any relevant information for that network? Spanning Tree Protocols, OSPF information, etc...

What about the possibility of "route poisoning" might seem outrageous but what if complete routing changes were remotely forced via some sort of spoofed data such as ARP floods, Spanning Tree based bogus traffic coming onto the network...

Wouldn't router costs be jeopardized resulting in a total nightmare... Ever heard or seen about any type of DoS like this, or have any links they'd care to e-mail me on this subject?
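The limiting factor raised in the reply, seen from the receiving side, as an added example that is not part of the original thread: RFC 792 has an ICMP Source Quench quote the original IP header plus the first 64 bits of the datagram's data, so a receiver can discard any quench that does not quote an in-flight segment of a connection it tracks. The function names, the connection table and the sample packet are assumptions constructed for illustration.

```python
import socket
import struct

ICMP_SOURCE_QUENCH = 4  # ICMP type 4, code 0 (RFC 792)

def quoted_flow(icmp: bytes):
    """Return ((src, dst, sport, dport), seq) quoted in a Source Quench, else None."""
    if len(icmp) < 8 or icmp[0] != ICMP_SOURCE_QUENCH or icmp[1] != 0:
        return None
    quoted = icmp[8:]  # original IP header + first 8 bytes of its payload
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return None
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl + 8 or quoted[9] != socket.IPPROTO_TCP:
        return None
    src = socket.inet_ntoa(quoted[12:16])
    dst = socket.inet_ntoa(quoted[16:20])
    # The 8 quoted payload bytes cover the TCP ports and sequence number.
    sport, dport, seq = struct.unpack("!HHI", quoted[ihl:ihl + 8])
    return (src, dst, sport, dport), seq

def refers_to_live_segment(icmp: bytes, connections: dict) -> bool:
    """True only if the quoted segment belongs to a tracked connection and its
    sequence number is in flight (snd_una <= seq < snd_nxt, modulo 2**32)."""
    parsed = quoted_flow(icmp)
    if parsed is None or parsed[0] not in connections:
        return False
    snd_una, snd_nxt = connections[parsed[0]]
    return (parsed[1] - snd_una) % 2**32 < (snd_nxt - snd_una) % 2**32

def build_sample(src, dst, sport, dport, seq) -> bytes:
    """Constructed test input: Source Quench quoting a minimal IPv4/TCP segment.
    Checksums are left at zero; the validator above does not inspect them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp8 = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHI", ICMP_SOURCE_QUENCH, 0, 0, 0) + ip + tcp8

# Constructed connection table (documentation addresses):
# (local, remote, local port, remote port) -> (snd_una, snd_nxt)
CONNECTIONS = {("192.0.2.10", "198.51.100.7", 40000, 80): (1000, 5000)}
```

RFC 6633 later formally deprecated Source Quench, so the simpler policy on current hosts is to ignore the message type entirely.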