Re: Denial of service

[Gigi Sullivan <sullivan () seclab com>]

Hi there :)

Well, indeed  DoS' attack were used in the past also to gain
access to a machine, not only to corrupt a service's work.
That involved also another exploitation (ie that DoS only couldn't lead to
nothing, but was foundamental).
Have you ever read Shimomura's paper about Mitnick's break ?
He simple show how a trust relationship, again with ip spoofing and
DoS (TCP SYN attack (also said by Bellovin many years ago "A Weakness in
the TCP/IP protocol suite) were used to ESTABILISH a "fake" (but "real")
login session.

Best regards,

                
                        -- gg sullivan



--
Lorenzo Cavallaro
Intesis SECURITY LAB            Phone: +39-2-671563.1
Via Settembrini, 35             Fax: +39-2-66981953
I-20124 Milano  ITALY           Email: sullivan () seclab com


On Tue, 18 Aug 1998, Pawel Maciejewski wrote:

> Date: Tue, 18 Aug 1998 13:08:04 +0200 (MET DST)
> From: Pawel Maciejewski <lukey () hack dk>
> To: City <stryker () WPI EDU>
> Cc: firewall-wizards () nfr net
> Subject: Re: Denial of service
>
>
> Denial of Service (called also DoS) is a type of attack which is used 
> not to gain acces to machine, but to corrupt it's work (hang, roboot etc)
>
> Examples : land, teardrop, boink, winnuke, latierra (modified latierra),
> nestea, ping of death, smurf and many many more..
>
> You can even use the fork() function to cause simply DoS attack
>
> Greets 
>
> -= Signed =-
> -= Pawel Maciejewski =-
> -= e-mail : lukey () hack dk IRC #hack, #hackpl, #hax =-