North American Network Operators Group

Re: Government scrutiny is headed our way
On Sun, 21 Jun 1998, Henry Linneweh wrote:

> Now that we have gotten down to the nitty gritty here.
>
> AGAIN the main mechanism for spoofing the smurf attacks is A program
> called wingate, ban that code and this problem will be cut more than in half.

What does wingate have to do with this? Smurf attack is the term used for an ICMP echo based denial of service attack caused by sending a forged icmp echo request to a broadcast network address. The attacker forges the source address of the icmp echo request to that of his victim, so all ICMP echo replies come back and flood the victim(s). Now, these packets can be hand forged by anyone with a moderate knowledge of C and root on a UN*X workstation. Don't fix the symptom, but fix the reason these attacks work. Packet authentication is the answer down the line, but for now it's getting the twonks with their networks open to fix the problem. This DoS can also be done with UDP echo, and UDP packets are much easier to forge/spoof than TCP.

> Next there is a rumor that 8000 users have been infected with a tweaked
> system.exe file that makes that user a smurf amplifier unwittingly. These
> are things to watch for. I wish there was an easier way to break bad news.

I fell out of my chair at that statement. One user/host cannot be a smurf amplifier; one network from a /30 and down can with different results.

Joe Shaw - [email protected]
NetAdmin - Insync Internet Services
Any spelling mistakes and/or grammar errors are due to lack of sleep...

> Henry
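The traffic pattern described in the message above (ICMP echo replies from many hosts on one network converging on a victim that never pinged them) can be spotted at the victim's border. The following detection sketch is an added example, not part of the original post; the record format, thresholds and function name are assumptions, and the sample records are constructed using documentation address ranges.

```python
from collections import defaultdict
from ipaddress import ip_network

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

# Constructed sample records: (timestamp_seconds, src, dst, icmp_type).
SAMPLE = [
    # Ordinary ping: the reply is solicited and must not be counted.
    (5.00, "203.0.113.20", "192.0.2.50", ECHO_REQUEST),
    (5.02, "192.0.2.50", "203.0.113.20", ECHO_REPLY),
    # Two stray replies: below the threshold, not flagged.
    (20.0, "192.0.2.7", "203.0.113.30", ECHO_REPLY),
    (20.1, "192.0.2.8", "203.0.113.30", ECHO_REPLY),
]
# Six hosts on one network reply within 60 ms to a host that never pinged them.
SAMPLE += [(10.0 + i / 100, f"198.51.100.{i}", "203.0.113.10", ECHO_REPLY)
           for i in range(1, 7)]


def find_smurf_victims(records, window=1.0, min_sources=4):
    """Return {victim: {amplifier /24 networks}} for hosts that receive
    unsolicited echo replies from >= min_sources distinct sources within
    `window` seconds. Thresholds are illustrative assumptions."""
    # Pairs (requester, target) for which a real echo request was observed.
    requested = {(src, dst) for _, src, dst, t in records if t == ECHO_REQUEST}

    unsolicited = defaultdict(list)  # victim -> [(timestamp, replying source)]
    for ts, src, dst, t in records:
        if t == ECHO_REPLY and (dst, src) not in requested:
            unsolicited[dst].append((ts, src))

    victims = {}
    for dst, hits in unsolicited.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window so it spans at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            sources = {s for _, s in hits[start:end + 1]}
            if len(sources) >= min_sources:
                nets = {str(ip_network(f"{s}/24", strict=False)) for s in sources}
                victims.setdefault(dst, set()).update(nets)
    return victims


if __name__ == "__main__":
    for victim, nets in find_smurf_victims(SAMPLE).items():
        print(victim, "flooded via", sorted(nets))
```

Grouping the reply sources by network identifies the open amplifier whose operator needs to be contacted, which is the fix the message argues for.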