| 1 |
Scott Taylor wrote: |
| 2 |
> Replying in a specific manner which may have been at one point the |
| 3 |
> proper and polite way for an IP stack to behave, often turns into a |
| 4 |
> method for abuse. Spoof a bunch of syn packets to a host you know |
| 5 |
> replies with a rst, and it sends all those extra packets to a victim |
| 6 |
> machine who never sent the syn packet in the first place. So that |
| 7 |
> machine sends back "port unreachables" and further clogs up their |
| 8 |
> network. |
| 9 |
|
| 10 |
This is a variation of an attack known as "Distributed Reflective Denial |
| 11 |
of Service"; most often associated with ICMP and "Destination Host |
| 12 |
Unreachable" or even ICMP echo response packets. |
| 13 |
|
| 14 |
VERY powerful attack; I've seen OC-3s brought to their knees by a kiddie |
| 15 |
on a cable modem. |
| 16 |
|
| 17 |
(Analogy points to the military technique known as "carpet-bombing". |
| 18 |
Wanna take out a host? Why not just remove his ISP from the Internet?) |
| 19 |
|
| 20 |
-- |
| 21 |
Stewart Honsberger - http://blackdeath.snerk.org/ |
| 22 |
To teach is to learn twice. |
| 23 |
-- Joseph Joubert |
| 24 |
|
| 25 |
-- |
| 26 |
gentoo-security@g.o mailing list |
Archives