[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Snatching IP on LAN, how to DoS/block such machines?
- To: FD-mailing <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Snatching IP on LAN, how to DoS/block such machines?
- From: Joachim Schipper <j.schipper@xxxxxxxxxx>
- Date: Sat, 23 Jul 2005 19:35:22 +0200
On Wed, Jul 20, 2005 at 11:27:17PM +0200, Niklas wrote:
> Oh forgot to mention this is a univeristy, open around the clock, with
> thousands of users with physical access to whatever.
>
> But I thank you kindly, Marc No Mad. You really helped out on the subject. :p
>
> Addon: I don't have access to the DHCP, or any other central
> services. So we're back the "how do i DoS my clients" on my subnet,
> based on ip/MAC?
>
> No 802.1x available here .... probably won't be in 2005....
>
> /n
There's always the option, though it may be a little more complex than
you intended, of using something like Snort+FlexResp. Load up the p2p
rulesets, modify them to shut down any offending connections.
It won't exactly DoS them, but people will need to do a lot better than
just fire up Kazaa. Of course, good attackers may try all sorts of
sneaky tricks - who are you trying to keep out? The casual p2p user, or
a determined hacker with physical access? The latter is quite difficult.
;-)
(Disclaimer: I've never tried FlexResp...)
Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/