Re: New Denial of Service Attack on Panix

[Bill Sommerfeld <sommerfeld () apollo hp com>]

   (2) Using documented stochastic methods, look for the hidden
       pattern in the pseudo-random sequences.  There are computer
       programs to do this, sorry, I would have to do a search to
       find one (the exist, however);

Watch out for this step, it's a doozey.

The attacker could be using a non-cryptographic random number
generator (like rand() or random()), but if he had a clue, he would be
using a cryptographic random number generator based on DES, IDEA, RC4,
etc., to generate the random bitstream to fill the headers.

He could also be using /dev/random on late-model linux systems which
would probably be even harder to reverse-engineer.

                                        - Bill
- - - - - - - - - - - - - - - - -