Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Networking theories

From: aussie () AUSSIE MINE NU (Aussie)
Date: Mon, 8 May 2000 11:58:59 +1000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6 May 00, at 9:21, Matthew King wrote:


Hi.

I am not sure how easy something like this would be to put into
practise.

Source Quench packets contain the first 64 bytes of the original
datagram's data.. You would have to obtain this information some how,
perhaps via sniffing. If I am wrong, please let me know.. As far as I
can tell, this would be the limiting factor to using this as a type of
DoS.


Just as a thought, if such a DoS was so difficult, why would I be
logging lots of ICMP Type 3 packets at my firewall from IP's that have
not been connected to? The most recent one (involving approx 200
packets over a few seconds) was supposedly from 10.240.x.x, not even
available on my internal network. Quite obviously these packets are
spoofed, but if their is no real way to D0S a system with them, why
would someone spoof them?
Unfortunately, using Windows 9x, I am unable to give you tcp dumps of
the packets....if anyone knows of a program to do this, please let me
know.

Aussie

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: Please verify this signature.  http://www.pgpi.com

iQA/AwUBORWSw5Zb9oayhFBBEQIEgACeKOI94+4KudXGGRcbs1tgLRHWaSMAnimg
GawC4tir2HVsulMOZwBa2wZ4
=itAw
-----END PGP SIGNATURE-----

PGP Key Block available at:
http://aussie.mine.nu/aussie/pgp_key.txt
Previous By Date Next
Previous By Thread Next

Current thread: