North American Network Operators Group

Re: New form of packet attack named Stream
Unless you are Vixie Hubbard Cerf Donelan Manning Bush Jesus Christ A major s/w key figure or comparable entity .. or someone that knows me IRL, and has for some time .. please do not e-mail me asking for the code.

Thanks.

-jamie

On Thu, Jan 20, 2000 at 12:54:04PM -0800, Jamie Rishaw wrote:
>
> That's because it's a really nasty attack.
>
> I have a copy.. I've successfully completely taken down every layer-3
> device of my own that I've launched it against.
>
> The attack sends massive ACKs to the victim. The ACKs are dropped at
> the kernel, but it's CPU bound. So unless you have tons of CPU to spare,
> your system will essentially slow to a pause when under this sort of
> attack.
>
> Another icky thing.. Established bit.. A lot of firewalls ass-u-me that
> if a packet is marked established, it's valid and should be passed along.
> This exploit takes advantage of that assumption. I don't know to what
> level firewall software looks at packets (checking headers for sequence
> number, etc), but this one is intelligent.
>
> This is no "groundbreaking" attack.. it's been discussed before of
> how header trickery could do things.. but.. eh.. I dunno. My TCP/IP
> knowledge only goes so far, so I don't have a ton of room to elaborate.
>
> Regardless..
> A successful distributed attack using this exploit *can* take down major
> parts of the Internet.
>
> Key people at software vendors already have copies of this and are trying
> to work on a fix. I doubt anything real is going to come of it as far
> as a remedy or counter, very soon.
>
> Regards
>
> Jamie Rishaw
>
> On Thu, Jan 20, 2000 at 12:57:39PM -0600, Joe Shaw wrote:
> >
> >
> > I haven't heard of it, so could you please provide some more technical
> > details? I saw nothing on it come across bugtraq or in the archives.
> >
> > --
> > Joseph W. Shaw - [email protected]
> > Computer Security Consultant and Programmer
> > Free UNIX advocate - "I hack, therefore I am."
> >
> > On Thu, 20 Jan 2000, Henry R. Linneweh wrote:
> > >
> > >
> > > anyone have a preventative method for this?
> >
>
> --
> jamie rishaw (efnet:gavroche) -- Exodus Communications, Inc.
> Senior Network Engineer, Los Angeles / SoCal Data Centers
> Corporate association for identification, not representation

--
jamie rishaw (efnet:gavroche) -- Exodus Communications, Inc.
Senior Network Engineer, Los Angeles / SoCal Data Centers
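The point raised above about firewalls trusting the "established" bit is worth seeing concretely. The following is an added example, written for this archive page and not code from the thread or from any vendor: it simulates, on constructed packet records, a stateless ACL whose "established" match only looks at the ACK/RST flags next to a stateful filter that admits a segment only when it belongs to a connection the filter saw opened. The addresses, ports, the `StatefulFilter` class and the `run_simulation` helper are all assumptions made for the illustration.

```python
"""
Added example (not from the NANOG thread): stateless "established" ACL
versus a stateful connection table, faced with a flood of ACK-only segments.
All packets and flows below are constructed for illustration.
"""
from collections import defaultdict


def make_pkt(src, sport, dst, dport, flags):
    # A packet is a plain dict; flags is the set of TCP flag names that are set.
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": set(flags)}


def stateless_established_acl(pkt):
    """Mimics an ACL whose 'established' keyword only tests the ACK or RST bit.
    Returns True if the packet is permitted.  Any forged ACK passes."""
    return bool(pkt["flags"] & {"ACK", "RST"})


class StatefulFilter:
    """Admits a TCP segment only if it belongs to a flow the filter saw opened
    with a SYN from the protected side (hypothetical policy: outbound-only)."""

    def __init__(self, protected_prefix="10.0.0."):
        self.protected = protected_prefix
        self.flows = set()                    # 4-tuples keyed initiator -> responder
        self.unsolicited = defaultdict(int)   # src -> ACKs that matched no flow

    @staticmethod
    def _key(pkt):
        return (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

    @staticmethod
    def _reverse_key(pkt):
        return (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])

    def admit(self, pkt):
        flags = pkt["flags"]
        if "SYN" in flags and "ACK" not in flags:
            # A new connection attempt: track it only if it originates inside.
            if pkt["src"].startswith(self.protected):
                self.flows.add(self._key(pkt))
                return True
            return False
        # Everything else (SYN-ACK, ACK, data, FIN) must match a tracked flow
        # in either direction.  The 'established' bit alone proves nothing.
        if self._key(pkt) in self.flows or self._reverse_key(pkt) in self.flows:
            return True
        if "ACK" in flags:
            self.unsolicited[pkt["src"]] += 1   # candidate flood source
        return False

    def flood_sources(self, threshold):
        """Sources that sent at least `threshold` ACKs belonging to no known flow."""
        return sorted(s for s, n in self.unsolicited.items() if n >= threshold)


def run_simulation():
    # Constructed legitimate handshake: inside host 10.0.0.5 talks to 192.0.2.10:80.
    legit_syn = make_pkt("10.0.0.5", 40000, "192.0.2.10", 80, ["SYN"])
    legit_synack = make_pkt("192.0.2.10", 80, "10.0.0.5", 40000, ["SYN", "ACK"])
    legit_ack = make_pkt("10.0.0.5", 40000, "192.0.2.10", 80, ["ACK"])
    # Constructed flood: 50 ACK-only segments from five addresses never seen before.
    flood = [
        make_pkt(f"198.51.100.{i % 5 + 1}", 1024 + i, "10.0.0.5", 1000 + i, ["ACK"])
        for i in range(50)
    ]
    traffic = [legit_syn, legit_synack, legit_ack] + flood

    stateless_permitted = sum(stateless_established_acl(p) for p in traffic)
    sf = StatefulFilter()
    stateful_permitted = sum(sf.admit(p) for p in traffic)
    return {
        "stateless_permitted": stateless_permitted,   # 52: every ACK waved through
        "stateful_permitted": stateful_permitted,     # 3: only the real handshake
        "flood_sources": sf.flood_sources(threshold=10),
    }


if __name__ == "__main__":
    print(run_simulation())
```

The stateful table answers the "established bit" assumption but not the CPU-exhaustion point also made in the post: every forged ACK still costs a lookup before it is dropped, so connection tracking narrows what gets through without removing the per-packet load. The `flood_sources` counter is the detection side, a per-source count of ACKs that matched no tracked flow, which is the kind of signal an operator would feed into rate limiting or an upstream filter request.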