North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: [nsp] known networks for broadcast ping attacks
On Wed, Jul 30, 1997 at 03:47:26PM -0400, Jordyn A. Buchanan wrote: > The LAN is being used indirectly to attack another network. Pings are > spoofed as originating from the machine that is being attacked and sent to > the broadcast address on another network. This causes every machine on the > receiving network to send an ECHO_RESPONSE to the machine being attacked, > esentially creating a huge multiplying effect on a ping flood attack. > > Apparently, the MAE-East LAN is one of the networks that attackers are > using to flood other hosts. Time to attempt to put my other foot in my mouth. Ought IP stack implementations not to refuse to reply to ECHO_REQUEST packets with destination address which are broadcast addresses? Ok, yes, I know that CIDR makes this harder, but knowing which nets fall on non-octet boundaries is non-obvious, too, and this particular attack wasn't trying... .255 is _always_ a broadcast address, no? Cheers, -- jra -- Jay R. Ashworth [email protected] Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "People propose, science studies, technology Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592
|