North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New Denial of Service Attack on Panix

  • From: Dima Volodin
  • Date: Wed Oct 02 17:39:33 1996

Tim Bass writes:
> 
> [...]
> 
> Because, it seems to me, since the way to exploit TCP
> is to use bogus, unreachable IP sources, why not use
> this fact to let the kernal just filter itself under
> certain flooding conditions?
> 
> Please let me know why this will not work.
> 
> Thanks,

It will, except that a slight modification of the attack (using IP
addresses that _don't_ produce ICMP_UNREACH) will get us back to square
one.

Anyway, filtering packets with SRC addresses known to generate
ICMP_UNREACH at the earliest possible stage might be a good idea.

> Tim

Dima
- - - - - - - - - - - - - - - - -