nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: Tim Bass <bass () cactus silkroad com>
Date: Wed, 2 Oct 1996 17:11:47 -0400 (EDT)
Hi. I've been testing the SYN attack on with 'the patch' with no success of stopping the attack so far with the patch (right now, without the patch it is DoA and with the patch, the attack panics the kernel :.... but this is more-than likely an implementation issue that will be solved. However, I was thinking (dangerous, admittedly) that since the success of the attack is based on using an UNREACHABLE source address and the host under attack attempts to ACK/SYN with the bogus attacker wouldn't it be easier to: Just have either (1) a listening daemon; (2) or an internal flag in the kernel, (3) or some other better IPC, to notify TCP, or better yet, IP to say: "Hey, there is a lot of HOST UNREACHABLES going on here, and I don't like it" algorithm to either (a) just filter the IP packets at in the kernel IP code, (best IMO) (b) or do it in the TCP code? This seems simple, so I must be missing something in this! Because, it seems to me, since the way to exploit TCP is to use bogus, unreachable IP sources, why not use this fact to let the kernal just filter itself under certain flooding conditions? Please let me know why this will not work. Thanks, Tim - - - - - - - - - - - - - - - - -
Current thread:
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix Dima Volodin (Oct 02)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix Dima Volodin (Oct 02)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix Dima Volodin (Oct 02)
- Uh...excuse me...? Carl Payne (Oct 02)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix\ Avi Freedman (Oct 02)
- Re: New Denial of Service Attack on Panix\ Tim Bass (Oct 03)