Full Disclosure mailing list archives
Re: Re: RLA ("Remote LanD Attack")
From: Synister Syntax <synistersyntaxlist () gmail com>
Date: Tue, 20 Dec 2005 11:42:48 -0500
Andrew Simmons: I have had numerous successful attacks take place between multiple services providers. All of which are big names. (Comcast and Verizon). Besides my own test, and the test my Friends assisted with, I have received multiple reports of others trying the exploit out themselves, and being successful. Although, I can understand what you are saying, the attacks are still obviously working. Have you tried executing an attack your self? On 12/20/05, Andrew Simmons <asimmons () messagelabs com> wrote:
Synister Syntax wrote:You are correct if your router is configured with such an ACL, you would be protected. The problem, again, is Consumer grade devices have no such ACLs, and have no way for you to manually add such. Now corporate grade devices have measures where the administrators can write such ACLs that would block spoofed packets, but that doesn't mean the administrators are enforcing them.Surely, not only the end point, but any router between the source and the target that's using uRPF (which is a complete no-brainer -- any ISP or NSP worthy of the name will be using this) will kill the attack. Or to put it another way, AFAICT a successful attack would require for all the intermediate routers to be misconfigured. cheers \a -- Andrew Simmons Technical Security Consultant MessageLabs Mobile: +44 (7917) 178745 asimmons () messagelabs com www.messagelabs.com MessageLabs - Be certain ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
-- Regards, SynSyn Network Manager, Server Administrator, Security Specialist (http://www.teamtrinix.com) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RLA ("Remote LanD Attack") Synister Syntax (Dec 13)
- Message not available
- Re: RLA ("Remote LanD Attack") Synister Syntax (Dec 15)
- Message not available
- Re: RLA ("Remote LanD Attack") Synister Syntax (Dec 15)
- Re: RLA ("Remote LanD Attack") Synister Syntax (Dec 15)
- Re: RLA ("Remote LanD Attack") Synister Syntax (Dec 15)
- Message not available
- <Possible follow-ups>
- RE: RLA ("Remote LanD Attack") Roger A. Grimes (Dec 15)
- Re: RLA ("Remote LanD Attack") Synister Syntax (Dec 15)
- Re: RLA ("Remote LanD Attack") Synister Syntax (Dec 15)
- RE: RLA ("Remote LanD Attack") alessandroa (Dec 19)
- Re: RLA ("Remote LanD Attack") Synister Syntax (Dec 19)
- Message not available
- Re: Re: RLA ("Remote LanD Attack") Synister Syntax (Dec 20)
- Re: RLA ("Remote LanD Attack") Synister Syntax (Dec 19)