Vulnerability Development mailing list archives
Re: Automatic Retaliation contra DoS
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Thu, 25 May 2000 14:29:11 +0200
sigipp () WELLA COM BR wrote:
Hi, My idea was not a retaliation of type attacking your machine. Not even closing the door. Simply throttling down (simulating line congestion for the attacker). There would be nothing significantly in your firewall logs, or even nothing. It would be simply that an increasing percentage of your (the attackers) packets will get lost. Nothing more. The maximum you would find in your firewall logs is an icmp message of type "host unreachable" of some intermediate router.
I know I'm late into this thread (haven't been keeping up with my list subscriptions again. agh) but I feel I have to say this much: Cutting off someone as a result of a probe, or even decreasing their throughput, may lead to serious problems. What if I launch a spoofed attack against you and claim to be a bunch of the top level DNS servers? (Owie!) Granted, only doing this if you confirm a full TCP connect reduces the risks of DoSign yourself. IF your server OS has good sequence number randomization, of if your firewall provides it for you. A point of interest: Watchguard blocks "attackers" by default, and if you disable this "protection", you open yourself up to DoS since its proxies are WAY over-sensitive without the block. /Mike -- Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50 Mobile: +46-(0)70-66 77 636 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
Current thread:
- Re: Automatic Retaliation contra DoS Kang Fu (May 17)
- <Possible follow-ups>
- Re: Automatic Retaliation contra DoS sigipp () WELLA COM BR (May 18)
- Re: Automatic Retaliation contra DoS Mikael Olsson (May 25)
- Re: Automatic Retaliation contra DoS sigipp () WELLA COM BR (May 25)
- Re: Re: Automatic Retaliation contra DoS Felix von Leitner (May 29)
- Re: Automatic Retaliation contra DoS Daniel Roesen (May 29)
- Re: Automatic Retaliation contra DoS Peter C. Norton (May 29)
- Re: Re: Automatic Retaliation contra DoS Felix von Leitner (May 29)
- Re: Automatic Retaliation contra DoS sigipp () WELLA COM BR (May 29)