[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: ICMP-based blind performance-degrading attack

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Re: ICMP-based blind performance-degrading attack
From: Chad Loder <fulldisc@xxxxxxxx>
Date: Wed, 20 Jul 2005 22:19:55 -0700

Darren Reed wrote:

> Ok, so you really think this is new...
> 
> Go look in the bugtraq archives for 8 July 2001 and you might find an
> email like the one below.  THere was a thread on this topic then.

Darren, you're totally off-base.  That bugtraq thread talks about
TCP-based attacks on host performance.  You can just firewall the
attacker's packets.  Even ipf can do that somewhat reliably.

The blind ICMP attacks are totally different.  Did you even read
the draft?  Maybe you'd find the CanSecWest presentation easier
to comprehend since it's broken down into short slides with
bulleted lists.

Since OpenBSD implemented fixes for the ICMP attacks, I've seen quite
a few people complaining on the lists about how they thought of all
this stuff years ago. That's getting really boring.  A more interesting
conversation would be: what are other operating systems doing to fix
their stacks?

        --Chad
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] [TOOLS] CIRT.DK WebRoot Version v.1.7
Next by Date: [Full-disclosure] [SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities
Previous by thread: [Full-disclosure] [SECURITY] [DSA 763-1] New zlib packages fix buffer overflow
Next by thread: [Full-disclosure] [SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities
Index(es):
- Date
- Thread