North American Network Operators Group


Re: DoS, ICMP, proxies, SYNDefender

  • From: Michael Dillon
  • Date: Fri Oct 04 15:51:07 1996

On Fri, 4 Oct 1996, Tim Bass wrote:

> > Right on! PHRACK will be publishing my program to transmit bogus ICMP
> > UNREACHABLE packets in the December 2001 issue. It's called the Bass
> > Player. :-)
> 
> Wonderful!  And Phrack will publish a patch to ip_input.c that redirects all
> bogus ICMP directs root names servers as SYN packets called the
> Dillion Diversion :-)  (think about it..)

I have thought about it. If the Internet industry spends a couple of years
deploying ICMP UNREACHABLE as you have asked, then they will have created
a weakness that can be exploited by the Bass Player. Even though a
solution to this problem could be deployed, it would also take years to
work its way into most network hosts.

The solution is to not deploy something that creates new attack
possibilities.

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: [email protected]
