Full Disclosure mailing list archives
Re: Snatching IP on LAN, how to DoS/block such machines?
From: Joachim Schipper <j.schipper () math uu nl>
Date: Sat, 23 Jul 2005 19:35:22 +0200
On Wed, Jul 20, 2005 at 11:27:17PM +0200, Niklas wrote:
Oh forgot to mention this is a univeristy, open around the clock, with thousands of users with physical access to whatever. But I thank you kindly, Marc No Mad. You really helped out on the subject. :p Addon: I don't have access to the DHCP, or any other central services. So we're back the "how do i DoS my clients" on my subnet, based on ip/MAC? No 802.1x available here .... probably won't be in 2005.... /n
There's always the option, though it may be a little more complex than
you intended, of using something like Snort+FlexResp. Load up the p2p
rulesets, modify them to shut down any offending connections.
It won't exactly DoS them, but people will need to do a lot better than
just fire up Kazaa. Of course, good attackers may try all sorts of
sneaky tricks - who are you trying to keep out? The casual p2p user, or
a determined hacker with physical access? The latter is quite difficult.
;-)
(Disclaimer: I've never tried FlexResp...)
Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Snatching IP on LAN, how to DoS/block such machines? Madison, Marc (Jul 20)
- Re: Snatching IP on LAN, how to DoS/block such machines? Niklas (Jul 20)
- Re: Snatching IP on LAN, how to DoS/block such machines? Joachim Schipper (Jul 23)
- Re: Snatching IP on LAN, how to DoS/block such machines? Niklas (Jul 20)