Vulnerability Development mailing list archives
Re: New DOS attack vs ppp links
From: Eric Andry <eric () WINCOM NET>
Date: Wed, 26 Jul 2000 11:38:10 -0400
Thanks for your five cents Brad.. Well spent, and all true... But there may be a larger problem with the encapsulation attack. This would be a kind of smurf+USSR Labs code. It has to do with DSL connections that use PPPoE (or PPPoX).

It's pretty easy to gather a big list of DSL IPs... Look at some of the naming schemes (e.g.: adsl-208-191-156-188.dsl.hstntx.swbell.net, adsl-gte-la-216-86-202-119.mminternet.com, 3ff8e2d5.dsl.flashcom.net, 63-217-212-127.sdsl.cais.net, you get the idea...) you can guess a pretty wide range of the reverse lookups / IPs that are using DSL technology. Though not all of these will be using PPPoE, a large number do because of the ease of use.

If you can get double the traffic from a good sized list of these addresses, spoofing the source address to some target machine, you could cripple it without using up much of your own bandwidth. Mind you this would definitely not be as effective as smurf, but because of the amplification of packets from high (read decent) bandwidth connections, you could take down your friendly neighborhood big backbone from something smaller (don't think 56K dialup is going to do it for you this time though).

The code I have for this is hardly tested, and I don't plan on releasing it because quite frankly it's not mine.. It's TFreak's Smurf + Ussr Labs code released previously on this list, pretty much mixed together.. Only thing I did is the mixing and the smallest amount of actual code myself. Maybe Ussr Labs will want to release another version of their PPP link killer to do the same. Have to say thanks to TFreak and Ussr Labs since I used almost all their code.

Anyways, it's something to think about at least.

Regards,
Eric Andry

Brad Spengler wrote:
uhmm..."New DOS attack" isn't quite appropriate. This kind of attack has been known for quite some time now. afaik it is effective on any kind of link, and it's a ppp encapsulation pattern for ping. just doesn't seem like the kind of stuff i expect from ussr labs. Well there's my 5 cents, for what they're worth.
-- Eric Andry Network/System Admin. Wincom