Vulnerability Development mailing list archives
Re: Networking theories
From: Matthew.King () CWO NET AU (Matthew King)
Date: Mon, 8 May 2000 22:09:41 +1000
Hi. This is true.. Does anyone know which implementations of IP actually check the contents of a Source Quench ICMP packet? It would be interesting to know, perhaps some testing could be done with various OS's to see which are actually susceptible to this kind of DoS?

Cya
Matthew

Matthew King.
Network Engineer, Cable & Wireless Optus.

-----Original Message-----
From: Pavel Kankovsky [mailto:peak () ARGO TROJA MFF CUNI CZ]
Sent: Sunday, 7 May 2000 11:12 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Networking theories

On Sat, 6 May 2000, Matthew King wrote:

> Source Quench packets contain the first 64 bytes of the original datagram's
> data.. You would have to obtain this information some how, perhaps via
> sniffing. If I am wrong, please let me know.. As far as I can tell, this
> would be the limiting factor to using this as a type of DoS.

Unless the destination host checks those 64 bytes thoroughly, everything you need is to guess the source and the destination port number (moreover, it is unlikely you will be stopped by egress filtering if you spoof the contents of an ICMP message only rather than its real source address that does not really matter). If one of the numbers is known (i.e. you want to attack a specific service), you need to guess one number out of 2^16. This is quite close to a feasible attack even when you have no clue what the other port number might be...

OTOH, the flood of 2^16 datagrams per 50+ bytes (3+ MB of data) would probably have the same effect even if none of them was a Source Quench matching an actual connection.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
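A receiver-side version of the check this thread asks about, as an added example that is not part of either poster's message and not taken from any real IP stack: it accepts a Source Quench only when the quoted datagram matches a live TCP connection, and goes beyond the port match discussed above by also requiring the quoted sequence number to be in flight. It assumes the RFC 792 layout (8-byte ICMP header, then the original IP header and the first 8 bytes of its payload) and that the ICMP checksum was verified earlier; the connection table, addresses and function names are constructed for illustration.

```python
import socket
import struct

# Constructed connection table: (local ip, local port, remote ip, remote port)
# -> (snd_una, snd_nxt), the oldest unacknowledged and next sequence numbers.
CONNS = {("192.0.2.10", 40000, "198.51.100.5", 80): (1000, 2000)}

def quench_matches(icmp: bytes, conns: dict) -> bool:
    """True only if the Source Quench quotes a segment this host has in flight."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != 4 or icmp[1] != 0:
        return False                      # too short, or not type 4 / code 0
    inner = icmp[8:]                      # quoted original datagram
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return False                      # malformed quoted IPv4 header
    if inner[9] != 6:
        return False                      # this sketch only validates TCP
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    state = conns.get((src, sport, dst, dport))
    if state is None:
        return False                      # quoted ports match no connection
    snd_una, snd_nxt = state
    # Quoted sequence number must lie in [snd_una, snd_nxt), modulo 2**32.
    return (seq - snd_una) % 2**32 < (snd_nxt - snd_una) % 2**32

def sample_quench(src, sport, dst, dport, seq) -> bytes:
    """Constructed test input: ICMP header + quoted IPv4 header + 8 TCP bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return struct.pack("!BBHI", 4, 0, 0, 0) + ip + struct.pack("!HHI", sport, dport, seq)

if __name__ == "__main__":
    for sport, seq in [(40000, 1500), (40001, 1500), (40000, 5000)]:
        msg = sample_quench("192.0.2.10", sport, "198.51.100.5", 80, seq)
        print(sport, seq, quench_matches(msg, CONNS))
```

With the sequence check in place, a message that quotes the right port pair is still dropped unless its sequence number falls inside the window of unacknowledged data.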