Vulnerability Development mailing list archives

Re: Networking theories


From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Sun, 7 May 2000 15:11:58 +0200


On Sat, 6 May 2000, Matthew King wrote:

Source Quench packets contain the first 64 bytes of the original datagram's
data.. You would have to obtain this information somehow, perhaps via
sniffing. If I am wrong, please let me know.. As far as I can tell, this
would be the limiting factor to using this as a type of DoS.

Unless the destination host checks those 64 bytes thoroughly, everything
you need is to guess the source and the destination port number (moreover,
it is unlikely you will be stopped by egress filtering if you spoof the
contents of an ICMP message only rather than its real source address that
does not really matter). If one of the numbers is known (i.e. you want to
attack a specific service), you need to guess one number out of 2^16. This
is quite close to a feasible attack even when you have no clue what the
other port number might be...OTOH, the flood of 2^16 datagrams per 50+
bytes (3+ MB of data) would probably have the same effect even if
none of them was a Source Quench matching an actual connection.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
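The check Pavel alludes to ("unless the destination host checks those 64 bytes thoroughly") is what decides whether a blind, spoofed Source Quench can touch a connection. The following is an added example written for this archive page, not code from the thread or its authors: it parses an ICMP Source Quench message, extracts the embedded original IP header plus the first 8 bytes of the transport header, and accepts the message only when those bytes name a flow the host actually owns and, for TCP, carry a sequence number inside the host's current send window. The `Flow` table, the `(snd_una, snd_nxt)` window tuple, and the sample packets are all constructed for this example; no packet is sent or received.

```python
import socket
import struct
from dataclasses import dataclass

ICMP_SOURCE_QUENCH = 4  # ICMP type 4 (deprecated by RFC 6633; still worth validating if seen)
IPPROTO_TCP, IPPROTO_UDP = 6, 17


@dataclass(frozen=True)
class Flow:
    """An outbound flow as this host sees it: local endpoint -> remote endpoint."""
    proto: int
    src: str
    sport: int
    dst: str
    dport: int


def parse_ipv4_header(buf: bytes):
    """Return (proto, src, dst, header_length) for the IPv4 header at the start of buf."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", buf[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IHL")
    return proto, socket.inet_ntoa(src), socket.inet_ntoa(dst), ihl


def check_source_quench(buf: bytes, table: dict):
    """Validate an ICMP Source Quench against the host's connection table.

    table maps Flow -> (snd_una, snd_nxt) for TCP flows, or Flow -> None for UDP.
    Returns (accepted: bool, reason: str).
    """
    if len(buf) < 8:
        return False, "truncated ICMP header"
    icmp_type, _code, _csum, _unused = struct.unpack("!BBHI", buf[:8])
    if icmp_type != ICMP_SOURCE_QUENCH:
        return False, "not a source quench"
    inner = buf[8:]  # the original datagram: IP header + at least 8 bytes of payload
    try:
        proto, src, dst, ihl = parse_ipv4_header(inner)
    except ValueError as exc:
        return False, f"bad embedded datagram: {exc}"
    transport = inner[ihl:ihl + 8]
    if len(transport) < 8:
        return False, "embedded datagram shorter than IP header + 8 bytes"
    if proto == IPPROTO_TCP:
        sport, dport, seq = struct.unpack("!HHI", transport)  # TCP: ports + sequence number
    elif proto == IPPROTO_UDP:
        sport, dport = struct.unpack("!HH", transport[:4])   # UDP: ports only
        seq = None
    else:
        return False, "embedded protocol not tracked"
    flow = Flow(proto, src, sport, dst, dport)
    if flow not in table:
        return False, "no such connection"  # the 4-tuple guess did not hit
    window = table[flow]
    if seq is not None and window is not None:
        snd_una, snd_nxt = window
        if not (snd_una <= seq < snd_nxt):
            return False, "sequence number outside send window"  # ports hit, seq did not
    return True, "matches an active connection"


def build_sample_quench(src: str, sport: int, dst: str, dport: int, seq: int) -> bytes:
    """Constructed test fixture only: an ICMP Source Quench wrapping a 20-byte IP header
    plus the first 8 bytes of a TCP segment this host supposedly sent. Checksums are zero."""
    payload = struct.pack("!HHI", sport, dport, seq)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return struct.pack("!BBHI", ICMP_SOURCE_QUENCH, 0, 0, 0) + ip_hdr + payload


# Constructed connection table: one TCP connection with 500 bytes in flight.
CONNECTIONS = {
    Flow(IPPROTO_TCP, "192.0.2.10", 40000, "198.51.100.5", 443): (1000, 1500),
}
SAMPLE_VALID = build_sample_quench("192.0.2.10", 40000, "198.51.100.5", 443, 1200)
SAMPLE_WRONG_PORT = build_sample_quench("192.0.2.10", 40001, "198.51.100.5", 443, 1200)
SAMPLE_BAD_SEQ = build_sample_quench("192.0.2.10", 40000, "198.51.100.5", 443, 5000)

if __name__ == "__main__":
    for name, pkt in [("valid", SAMPLE_VALID), ("wrong port", SAMPLE_WRONG_PORT),
                      ("bad seq", SAMPLE_BAD_SEQ)]:
        print(name, check_source_quench(pkt, CONNECTIONS))
```

The port check alone is the 1-in-2^16 guess the message describes; adding the sequence-window test is what turns a blind guess into something the sender cannot complete without seeing the traffic, which is the same reasoning later standardised for ICMP attacks against TCP in RFC 5927.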

