Vulnerability Development mailing list archives
Re: Daemonic
From: batz <batsy () VAPOUR NET>
Date: Tue, 12 Sep 2000 10:27:03 -0400
On Thu, 24 Aug 2000, J. Oquendo wrote: :Greetings all. While working on a paper on DoS and networking I came up with a BGP session killer which also seemed to crash my Wintrash2000 laptop. The code was chopped up and geared to focus on BGP so its port is set to 179. Now my laptop wasn't running anything on that port but it still managed to crash it after a few minutes... : :Anyways snip to the code maybe you can determine what it is... Be advised however this is a functional BGP DoS as well. Odd it would crash Windows but it has... I didn't read the code, but from what you describe, this shouldn't be effective against any device with a robust tcp/ip implementation. To interrupt a BGP session you would have to interrupt the tcp session that BGP uses. Insertion attacks against bgp are exceedingly difficult. You can synflood the port untill you are blue in the face and any modern ip stack won't care. See http://www.blackhat.com/html/bh-usa-99/bh3-speakers.html and look for the BGP talk. This isn't a new idea, Jeremy Rauch has done some further work on routing protocols, and the most likely attacks against BGP are through redistribution through other protocols, or control of a peer. -j -- batz Chief Reverse Engineer Superficial Intelligence Research Defective Technologies
Current thread:
- Re: Daemonic batz (Sep 12)