Scott Taylor wrote:
> Replying in a specific manner which may have been at one point the
> proper and polite way for an IP stack to behave, often turns into a
> method for abuse. Spoof a bunch of syn packets to a host you know
> replies with a rst, and it sends all those extra packets to a victim
> machine who never sent the syn packet in the first place. So that
> machine sends back "port unreachables" and further clogs up their
> network.

This is a variation of an attack known as "Distributed Reflective Denial
of Service"; most often associated with ICMP and "Destination Host
Unreachable" or even ICMP echo response packets.

VERY powerful attack; I've seen OC-3s brought to their knees by a kiddie
on a cable modem.

(Analogy points to the military technique known as "carpet-bombing".
Wanna take out a host? Why not just remove his ISP from the Internet?)

--
Stewart Honsberger - http://blackdeath.snerk.org/
To teach is to learn twice.
 -- Joseph Joubert

--
gentoo-security@g.o mailing list
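
Seen from the receiving end, the reflected traffic described in the quoted text is a run of RSTs for connections the host never opened. The following is an added example, not part of either poster's message, of that check over constructed packet records; the record layout, the function name and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample records: (timestamp, src_ip, src_port, dst_ip, dst_port, tcp_flags).
# Addresses come from the documentation ranges; none of this is captured traffic.
SAMPLE = [
    (0.5, "192.0.2.10", 40000, "203.0.113.5", 80, "S"),    # our own outbound SYN
    (0.6, "203.0.113.5", 80, "192.0.2.10", 40000, "RA"),   # refusal of that SYN: solicited
    (1.0, "198.51.100.1", 80, "192.0.2.10", 51000, "RA"),  # RSTs for SYNs we never sent
    (1.1, "198.51.100.2", 80, "192.0.2.10", 51001, "RA"),
    (1.2, "198.51.100.3", 443, "192.0.2.10", 51002, "RA"),
    (15.0, "198.51.100.4", 80, "192.0.2.10", 51003, "RA"),  # lone stray RST, below threshold
]


def find_reflected_rsts(packets, local_ip, window=10.0, min_sources=3):
    """Return [(window_start, [reflector IPs])] for every time window in which
    local_ip received unsolicited RSTs from at least min_sources distinct hosts."""
    pending = set()              # (local_port, remote_ip, remote_port) of SYNs we sent
    buckets = defaultdict(set)   # window start -> hosts that sent an unsolicited RST
    for ts, src, sport, dst, dport, flags in sorted(packets):
        if src == local_ip and "S" in flags:
            pending.add((sport, dst, dport))
        elif dst == local_ip and "R" in flags:
            key = (dport, src, sport)
            if key in pending:
                pending.discard(key)            # answer to a connection we opened
            else:
                buckets[ts - ts % window].add(src)
    return [(start, sorted(hosts))
            for start, hosts in sorted(buckets.items())
            if len(hosts) >= min_sources]


if __name__ == "__main__":
    for start, hosts in find_reflected_rsts(SAMPLE, "192.0.2.10"):
        print(f"window starting {start}: unsolicited RSTs from {hosts}")
```

The hosts reported are the reflectors, not the origin of the spoofed SYNs, so the list is useful for upstream filtering requests rather than attribution.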