nanog mailing list archives
Re: New form of packet attack named Stream
From: Vadim Antonov <avg () kotovnik com>
Date: Thu, 20 Jan 2000 14:13:35 -0800
Jamie Rishaw <jamie () dilbert exodus net> wrote:
Unless you are Vixie Hubbard Cerf Donelan Manning Bush Jesus Christ
(Randy, you _do_ look like a biblical personage :)
A major s/w key figure or comparable entity
.. or someone that knows me IRL, and has for some time .. please do not e-mail me asking for the code.
Actually, you provided enough details, so any unix guy who knows his sockets can write the program in fifteen minutes.

This type of attack was known for a long time (and there are even nastier variations using TCP header bits and fragments), and, unfortunately, there's no good defense against it.

The core routers are indeed vulnerable; is there any router which has an access list for restricting packet flow to the routing processor? (My knowledge of latest-and-greatest features from OFRV is somewhat outdated).

I toyed with the idea of reverse-path verification coupled with some kind of super-squelch message; but so far all such schemes have holes in them.

DoS attacks are a real scourge.

--vadim