Vulnerability Development mailing list archives
Networking theories
From: intrusion () ENGINEER COM (Jesus Oquendo)
Date: Thu, 4 May 2000 22:09:07 -0000
While this is not a vuln-dev I figured I would post it since it is security related. Apologies for the spammage if this has been addressed before. Theories: If source quench packets were sent as a spoofed host, and sent to a destination in which someone were trying to slow down traffic as a form of Denial of Service attack would it work? victim.org(spoofed) ---> ICMP(source-quench) ---> router.victim.org Someone wants to slow down victim.org so would sending sourch quenches to victim.org's router claiming to be victim.org stating slow down any traffic coming to victim.org slow it down? What about poisining ARP addresses on a network... If packets were sent to a network from an attacker who somehow gained MAC addresses, or would that network's router be able to filter out that type of traffic from coming in validly? If so then via the access list of protocol type? Or if the router was not properly configured to determine that these ARP's are valid would it add these new changes that the attacker is sending as valid routing information and update its routing table addresses and or perhaps damage any relevant information for that network? Spanning Tree Protocol's, OSPF information, etc... What about the possibilty of "route poisining" might seem outrageous but what if complete routing changes were remotely forced via some sort of spoofed data such as ARP floods, Spanning Tree based bogus traffic coming onto the network... Wouldn't router cost's be jeapordized resulting in a total nightmare... Ever heard or seen about any type of DoS like this, or have any links they'd care to e- mail me on this subject?
Current thread:
- Re: ethernet cards & promisc mode Spears, Joseph L. (May 04)
- Re: ethernet cards & promisc mode Holger van Koll (May 04)
- Re: ethernet cards & promisc mode R. Argentini (May 04)
- Networking theories Jesus Oquendo (May 04)
- Re: Networking theories Bluefish (May 05)
- MTA scanner Blue Boar (May 05)
- Re: MTA scanner Bluefish (May 07)
- Brooktrout fax boards Andrew Sherrod (May 05)
- NAV detected a virus in a document you sent. pb001/Lzub/LT () LZUB LT (May 04)
- Re: NAV detected a virus in a document you sent. 3APA3A (May 05)
- <Possible follow-ups>
- Re: ethernet cards & promisc mode Spears, Joseph L. (May 04)
- Re: ethernet cards & promisc mode Sebastian (May 04)
- Re: ethernet cards & promisc mode Michael Wojcik (May 05)
- Re: ethernet cards & promisc mode Bluefish (May 07)