Re: Daemonic

[batz <batsy () VAPOUR NET>]

On Thu, 24 Aug 2000, J. Oquendo wrote:

:Greetings all. While working on a paper on DoS and networking I came up with a BGP session killer which also seemed to 
crash my Wintrash2000 laptop. The code was chopped up and geared to focus on BGP so its port is set to 179. Now my 
laptop wasn't running anything on that port but it still managed to crash it after a few minutes...
:
:Anyways snip to the code maybe you can determine what it is... Be advised however this is a functional BGP DoS as 
well. Odd it would crash Windows but it has...


I didn't read the code, but from what you describe, this shouldn't
be effective against any device with a robust tcp/ip implementation.

To interrupt a BGP session you would have to interrupt the tcp
session that BGP uses. Insertion attacks against bgp are exceedingly
difficult. You can synflood the port untill you are blue in the
face and any modern ip stack won't care.

See http://www.blackhat.com/html/bh-usa-99/bh3-speakers.html and
look for the BGP talk. This isn't a new idea, Jeremy Rauch has done
some further work on routing protocols, and the most likely
attacks against BGP are through redistribution through other
protocols, or control of a peer.


-j


--
batz
Chief Reverse Engineer
Superficial Intelligence Research
Defective Technologies