Gentoo Archives: gentoo-security

From: Stewart Honsberger <blkdeath@g.o>
To: Scott Taylor <scott@××××××××××××××××.net>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Sat, 31 Jan 2004 09:11:02
In Reply to: Re: [gentoo-security] firewall suggestions? by Scott Taylor
Scott Taylor wrote:
> Replying in a specific manner, which may have been at one point the
> proper and polite way for an IP stack to behave, often turns into a
> method for abuse. Spoof a bunch of SYN packets to a host you know
> replies with a RST, and it sends all those extra packets to a victim
> machine that never sent the SYN packet in the first place. So that
> machine sends back "port unreachables" and further clogs up their
> network.
This is a variation of an attack known as "Distributed Reflective Denial of Service"; most often associated with ICMP and "Destination Host Unreachable" or even ICMP echo response packets. VERY powerful attack; I've seen OC-3s brought to their knees by a kiddie on a cable modem. (Analogy points to the military technique known as "carpet-bombing". Wanna take out a host? Why not just remove his ISP from the Internet?)

-- 
Stewart Honsberger
To teach is to learn twice. -- Joseph Joubert

--
gentoo-security@g.o mailing list
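The two messages above describe the mechanism (spoofed SYNs draw RSTs or ICMP unreachables onto a victim that never sent anything) but not how you would notice it from the victim's side. The following is an added example, written for this page and not code from either poster: a small stateful detector that walks a list of packet records in timestamp order, remembers which outbound SYNs and outbound packets the monitored hosts actually sent, and flags a local host as a reflection victim when it receives RSTs or ICMP type 3 messages from several distinct remotes that it never solicited. The `Packet` record layout, the `LOCAL_HOSTS` set and the sample traffic (documentation-range addresses) are all constructed for the example; a real deployment would feed it flow records from a tap or a firewall log.

```python
# Added example, not from the original thread: detect reflected TCP RST /
# ICMP unreachable floods by correlating inbound replies with outbound
# traffic the monitored hosts actually sent.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float          # seconds since start of capture
    src: str
    dst: str
    proto: str         # "tcp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""    # TCP flags as letters, e.g. "S", "SA", "R", "RA"
    icmp_type: int = -1


# Hosts we defend (constructed for the example); everything else is "remote".
LOCAL_HOSTS = {"192.0.2.10", "192.0.2.11"}


def find_reflection_victims(packets, window=5.0, min_reflectors=3):
    """Return {victim: sorted reflector IPs} for every local host that received
    RSTs or ICMP unreachables from at least `min_reflectors` distinct remotes
    without having sent anything within `window` seconds that could have
    solicited them."""
    syn_sent = {}              # (local, remote, remote_port) -> ts of our last SYN
    last_out = {}              # (local, remote) -> ts of our last packet of any kind
    unsolicited = defaultdict(set)

    for p in sorted(packets, key=lambda x: x.ts):
        if p.src in LOCAL_HOSTS:
            # Outbound: record what we sent so later replies can be matched.
            last_out[(p.src, p.dst)] = p.ts
            if p.proto == "tcp" and "S" in p.flags and "A" not in p.flags:
                syn_sent[(p.src, p.dst, p.dport)] = p.ts
            continue
        if p.dst not in LOCAL_HOSTS:
            continue

        # Inbound to a local host: is this a reply to something we sent?
        if p.proto == "tcp" and "R" in p.flags:
            t = syn_sent.get((p.dst, p.src, p.sport))
            if t is None or p.ts - t > window:
                unsolicited[p.dst].add(p.src)
        elif p.proto == "icmp" and p.icmp_type == 3:   # destination unreachable
            t = last_out.get((p.dst, p.src))
            if t is None or p.ts - t > window:
                unsolicited[p.dst].add(p.src)

    return {v: sorted(r) for v, r in unsolicited.items() if len(r) >= min_reflectors}


# Constructed sample traffic.
SAMPLE_PACKETS = [
    # Legitimate: we connect to a closed port and get a RST/ACK back.
    Packet(1.0, "192.0.2.10", "198.51.100.5", "tcp", 40000, 81, "S"),
    Packet(1.1, "198.51.100.5", "192.0.2.10", "tcp", 81, 40000, "RA"),
    # Reflected flood: five web servers send RST/ACK to 192.0.2.10 although it
    # never sent them a SYN (an attacker spoofed 192.0.2.10 as the SYN source).
    *[Packet(2.0 + i / 10, f"203.0.113.{i}", "192.0.2.10", "tcp", 80, 50000 + i, "RA")
      for i in range(1, 6)],
    # ICMP port unreachable from a sixth host we never talked to.
    Packet(2.7, "203.0.113.6", "192.0.2.10", "icmp", icmp_type=3),
    # One stray RST to another local host: below the threshold, not reported.
    Packet(3.0, "203.0.113.7", "192.0.2.11", "tcp", 443, 51000, "RA"),
]


if __name__ == "__main__":
    for victim, reflectors in find_reflection_victims(SAMPLE_PACKETS).items():
        print(f"{victim}: unsolicited replies from {len(reflectors)} hosts: {reflectors}")
```

The solicited RST from 198.51.100.5 is ignored because the matching outbound SYN is on record, while the six hosts that 192.0.2.10 never contacted are reported together; the single stray RST to 192.0.2.11 stays under the threshold. The same bookkeeping is also the argument for firewalls that DROP rather than REJECT unsolicited traffic: a host that answers every spoofed SYN or probe with a RST or an unreachable is exactly the reflector this detector is looking for.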