Vulnerability Development mailing list archives
Re: Networking theories
From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Sun, 7 May 2000 15:11:58 +0200
On Sat, 6 May 2000, Matthew King wrote:
> Source Quench packets contain the first 64 bytes of the original datagram's data. You would have to obtain this information somehow, perhaps via sniffing. If I am wrong, please let me know. As far as I can tell, this would be the limiting factor to using this as a type of DoS.
Unless the destination host checks those 64 bytes thoroughly, everything you need is to guess the source and the destination port number (moreover, it is unlikely you will be stopped by egress filtering if you spoof the contents of an ICMP message only rather than its real source address that does not really matter).

If one of the numbers is known (i.e. you want to attack a specific service), you need to guess one number out of 2^16. This is quite close to a feasible attack even when you have no clue what the other port number might be...

OTOH, the flood of 2^16 datagrams per 50+ bytes (3+ MB of data) would probably have the same effect even if none of them was a Source Quench matching an actual connection.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
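The thorough check the reply refers to, as an added example that is not part of the original post: a receiver validates the datagram quoted inside an ICMP Source Quench against its own TCP connection table, including the sequence-number window test described in RFC 5927, so that matching the port pair alone is not enough. The connection table layout, function names and sample addresses are assumptions made for illustration, and the ICMP checksum is not verified here.

```python
import socket
import struct

ICMP_SOURCE_QUENCH = 4
TCP = 6

# Constructed connection table (assumed layout):
# (local ip, local port, remote ip, remote port) -> (snd_una, snd_nxt)
CONNS = {("192.0.2.10", 40000, "198.51.100.5", 80): (1000, 5000)}

def in_sent_window(seq, snd_una, snd_nxt):
    """True if seq lies in [snd_una, snd_nxt), modulo 2^32."""
    return ((seq - snd_una) & 0xFFFFFFFF) < ((snd_nxt - snd_una) & 0xFFFFFFFF)

def validate_quench(icmp, conns):
    """Decide whether an ICMP Source Quench quotes a segment we really sent."""
    if len(icmp) < 8 + 20 + 8:
        return "drop: truncated"
    typ, code, _csum, _unused = struct.unpack("!BBHI", icmp[:8])
    if typ != ICMP_SOURCE_QUENCH or code != 0:
        return "drop: not source quench"
    inner = icmp[8:]                      # quoted IPv4 header + leading payload
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return "drop: bad quoted header"
    if inner[9] != TCP:
        return "drop: not TCP"
    src = socket.inet_ntoa(inner[12:16])  # our address: we sent the quoted packet
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    state = conns.get((src, sport, dst, dport))
    if state is None:
        return "drop: no such connection"
    if not in_sent_window(seq, *state):
        return "drop: sequence outside sent window"
    return "accept"

def sample_quench(src, dst, sport, dport, seq):
    """Constructed test input: Source Quench bytes quoting an IPv4+TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp8 = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHI", ICMP_SOURCE_QUENCH, 0, 0, 0) + ip + tcp8

if __name__ == "__main__":
    for sport, seq in ((40000, 2000), (40001, 2000), (40000, 9000)):
        msg = sample_quench("192.0.2.10", "198.51.100.5", sport, 80, seq)
        print(sport, seq, validate_quench(msg, CONNS))
```
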