Re: FW: Internet SYN Flooding, spoofing attacks

Date view	Thread view	Subject view	Author view

From: Mark Baker (distobj@acm.org)
Date: Mon Feb 14 2000 - 20:34:32 PST

Next message: Sally Khudairi: "WAP Forum Won't Take Sides on Geoworks' Claim"
Previous message: v - Mark Kuharich: "beyond Net browsers, connect the dots"
In reply to: Jim Whitehead: "FW: Internet SYN Flooding, spoofing attacks"

> As far as spoofing goes, in their SMURF mode, the only spoofing
>is the src_addr part of the ICMP echo that the slave systems send to
>their LOCAL broadcast address. That src_addr is the address of the
>system being attacked by ICMP_ECHOREPLY packets that simply consume all
>its bandwidth. Check out the analysis.
>
> Anti spoofing entry filters would have been of zero effect.

He could have at least pointed people here[1], where you can test networks
for their amplification ability. Beduin's host (conveyor.com) was used for
an attack in 98, and the recipient of that attack was kind enough to point
us there.

[1] http://www.powertech.no/smurf/

Next message: Sally Khudairi: "WAP Forum Won't Take Sides on Geoworks' Claim"
Previous message: v - Mark Kuharich: "beyond Net browsers, connect the dots"
In reply to: Jim Whitehead: "FW: Internet SYN Flooding, spoofing attacks"

Date view	Thread view	Subject view	Author view

This archive was generated by hypermail 2b29 : Mon Feb 14 2000 - 21:30:56 PST