Vulnerability Development mailing list archives
Re: Denials of Service Attacks
From: adam () ALIENZOO COM (Adam Muntner)
Date: Tue, 18 Jul 2000 10:19:09 -0700
"J. Oquendo" wrote:
This is a document in which I have spent some down time detailing different types of Denials of Service attacks, how some may be constructed, and how some may be stopped. I have also included sample source code (some broken to deter script kiddies) in hopes I could gather enough data to prevent Denials of Service on my own network as well as assist others in assessing their own networks. BGP4, OSPF, RIP, EIGRP, IGRP, IS-IS, ICMP are covered and or under construction.
Currently I am studying for the CCIE since the CCNA is being changed this year and hopefully I can attain it (CCIE) in about 1 1/2 years or so (who knows) besides I work too long as it is and study time is limited (hey!$! I'm married ya know)
<OPINION> My only real comment is against the recent trend of releasing 'broken' exploits, as being against the spirit of "full disclosure." I would hasten to say that a large number of people using publish 'cracker' tools are professionals, as opposed to script kids. Most of us are pretty busy, too. While the error intentionally introduced may be a small one, it frequently interferes with the flow of work - ie, testing the tool on your OWN hardware in order to develop defenses against similar attacks. While I appreciate the sentiment in trying to limit malicious use... the argument for full disclosure is about the same argument against gun control, here in the US... The bad guys won't be deterred, and will still get their hands on powerful weapons. Also, "who can debug some c code" isn't exactly a good litmus test, to determine who is 'responsible' enough to get their hands on working tools. Plenty of great network guys aren't c coders, and plenty of malicious kids are. While I haven't yet looked at your code (for all I know, you just commented out a critical line or something), I wanted to address this issue from a more... philisophical approach, in an attempt to head off this disturbing trend that I think doesn't jive with the purpose of a full-disclosure list. </OPINION> adam. -- Adam Muntner Systems Engineer, AlienZoo Inc. adam () alienzoo com (602)850-3262
Current thread:
- CASL & IP Options Gabe Kostolny (Jul 11)
- Re: CASL & IP Options Pedro Quintanilha (Jul 12)
- eEye Digital Security ports nmap to Windows NT Marc (Jul 13)
- Nokia 7110 Wap Browser Hole Aidan O'Kelly (Jul 13)
- core dump mount ararat blossom (Jul 13)
- Re: core dump Leon Breedt (Jul 13)
- Re: core dump Kev (Jul 13)
- Re: core dump Tymm Twillman (Jul 13)
- Re: core dump Bluefish (Jul 14)
- Denials of Service Attacks J. Oquendo (Jul 16)
- Re: Denials of Service Attacks Adam Muntner (Jul 18)
- Re: core dump Javier Abdul Córdoba Gándara (Jul 17)
- IIS anonymous user - who? Chris Erasmus (Jul 17)
- Re: IIS anonymous user - who? Bill Pennington (Jul 18)
- [Paper] Format bugs. Pascal Bouchareine (Jul 18)
- IE Script Vul. Frank Town (Jul 18)