Vulnerability Development mailing list archives
Re: DoS Local machines
From: sigipp () WELLA COM BR (sigipp () WELLA COM BR)
Date: Mon, 8 May 2000 10:24:05 -0300
Hi,

Well, assume you may be able to automatically detect attacks. Then how do you identify the attackers? With their IP addresses? May be spoofed. With the MAC address? May be spoofed too (although not so easy). Well, maybe you could additionally check the MAC table of your switch to verify at least that the attacking machine with MAC address X is connected to the port of the switch which it is supposed to. But if one attacks his neighbour's computer, connected to the same switch port? Is there a possibility to identify a host through any MIB of an SNMP-enabled hub? I don't know, but this would be the only way to definitely identify at least the connection. Then you might simply disable that hub port (via SNMP).

Just assume this: I really hate someone, and so I'm spoofing an attack from his machine. I only have to wait a second for your script to react, and this fellow will not only be disconnected and get his machine shut down (or something like that), he will also have to prove that he's innocent. And if he's not a security specialist, this might be very hard (maybe a way to get rid of the CEO?). So I'd recommend being very careful with this kind of action. The maximum action I'd consider doing automatically would be shutting down the hub port.

Greetings
Siegfried Gipp
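The MAC-table cross-check raised in the message above, as an added example that is not part of the original post: it compares an alert's source MAC against a switch forwarding table and a port inventory and reports how far attribution can go, without taking any action on the network. The table rows, the inventory, the verdict names and the function `assess` are all constructed or hypothetical; even a "consistent" verdict only means that MAC and port agree.

```python
from collections import defaultdict

# Constructed sample data: forwarding-table rows as (MAC, port) pairs, as
# they might be read from a switch (e.g. BRIDGE-MIB dot1dTpFdbPort), plus a
# hypothetical inventory of which port each known MAC belongs on.
FDB = [
    ("02:00:00:00:00:01", 3),
    ("02:00:00:00:00:02", 4),
    ("02:00:00:00:00:03", 7),   # port 7 feeds a hub with two hosts
    ("02:00:00:00:00:04", 7),
]
INVENTORY = {
    "02:00:00:00:00:01": 3,
    "02:00:00:00:00:02": 5,     # expected on port 5, seen on port 4
    "02:00:00:00:00:03": 7,
    "02:00:00:00:00:04": 7,
}


def assess(alert_mac, fdb, inventory):
    """Classify how far an alert's source MAC can be attributed.

    Returns (verdict, port). Nothing here touches the network: the verdict
    is input for a human decision, not a trigger for automatic action.
    """
    mac = alert_mac.lower()
    macs_on_port = defaultdict(set)
    for m, port in fdb:
        macs_on_port[port].add(m.lower())

    seen = sorted(p for p, macs in macs_on_port.items() if mac in macs)
    if not seen:
        return ("not-in-table", None)      # aged out or never on this switch
    if len(seen) > 1:
        return ("multiple-ports", None)    # same MAC learned on several ports
    port = seen[0]
    expected = inventory.get(mac)
    if expected is None:
        return ("unknown-mac", port)
    if expected != port:
        return ("port-mismatch", port)     # MAC is not where it belongs
    if len(macs_on_port[port]) > 1:
        return ("shared-port", port)       # only the connection is identified
    return ("consistent", port)
```
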