[26838] in North American Network Operators' Group


Re: New form of packet attack named Stream

daemon@ATHENA.MIT.EDU (Vadim Antonov)
Thu Jan 20 17:15:40 2000

Date: Thu, 20 Jan 2000 14:13:35 -0800
From: Vadim Antonov <avg@kotovnik.com>
Message-Id: <200001202213.OAA29641@kitty.kotovnik.com>
To: jamie@exodus.net
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


Jamie Rishaw <jamie@dilbert.exodus.net> wrote:
> Unless you are
> Vixie
> Hubbard
> Cerf
> Donelan
> Manning
> Bush
> Jesus Christ

(Randy, you _do_ look like a biblical personage :)

> A major s/w key figure
> or comparable entity

> .. or someone that knows me IRL, and has for some time .. please do not
> e-mail me asking for the code.

Actually, you provided enough details, so any unix guy who knows
his sockets can write the program in fifteen minutes.

This type of attack was known for a long time (and there are even
nastier variations using TCP header bits and fragments), and, unfortunately,
there's no good defense against it.

The core routers are indeed vulnerable; is there any router which
has an access list for restricting packet flow to the routing processor?
(My knowledge of latest-and-greatest features from OFRV is somewhat outdated).

I toyed with the idea of reverse-path verification coupled with
some kind of super-squelch message; but so far all such schemes have
holes in them.  DoS attacks are a real scourge.

--vadim
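The reverse-path verification Vadim mentions is the idea behind unicast RPF: a router accepts a packet only if its own forwarding table would route traffic back to the packet's source address out of the interface the packet arrived on. The following Python model is an added illustration and is not code from this thread or from any router vendor; the forwarding entries, interface names and sample packets are constructed for the example. It shows both strict and loose modes, and why a default route leaves the strict check with the kind of hole the post refers to.

```python
"""Reverse-path verification (uRPF) as a defensive ingress filter, modelled in Python.

Added illustration for the NANOG thread above, not code from the post or a vendor.
All routes, interface names and packets below are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: Optional[str]  # None models a discard (null) route


class Fib:
    """Minimal forwarding table with longest-prefix match."""

    def __init__(self, routes):
        # Most specific prefix first, so the first hit is the best route.
        self.routes = sorted(routes, key=lambda r: r.prefix.prefixlen, reverse=True)

    def lookup(self, addr: str) -> Optional[Route]:
        ip = ipaddress.IPv4Address(addr)
        for r in self.routes:
            if ip in r.prefix:
                return r
        return None


def strict_rpf(fib: Fib, src: str, ingress: str) -> bool:
    """Strict mode: accept only if the best route back to src leaves via the ingress interface."""
    r = fib.lookup(src)
    return r is not None and r.interface == ingress


def loose_rpf(fib: Fib, src: str) -> bool:
    """Loose mode: accept if any forwarding (non-discard) route covers src."""
    r = fib.lookup(src)
    return r is not None and r.interface is not None


# Constructed FIB: a customer prefix on eth1, a peer on eth2, a default route
# towards the upstream on eth0, and private space routed to discard.
FIB = Fib([
    Route(ipaddress.IPv4Network("0.0.0.0/0"), "eth0"),
    Route(ipaddress.IPv4Network("192.0.2.0/24"), "eth1"),
    Route(ipaddress.IPv4Network("198.51.100.0/24"), "eth2"),
    Route(ipaddress.IPv4Network("10.0.0.0/8"), None),
])

# Constructed sample packets: (source address, ingress interface).
SAMPLE_PACKETS = [
    ("192.0.2.77", "eth1"),   # customer address arriving from the customer port
    ("192.0.2.77", "eth2"),   # customer address arriving from the peer port: spoofed
    ("10.1.2.3", "eth2"),     # source in discard-routed space
    ("203.0.113.9", "eth0"),  # arbitrary source arriving on the default-route interface
]


def filter_packets(fib: Fib, packets, mode: str = "strict"):
    """Return the (src, ingress) tuples that pass the chosen uRPF mode."""
    if mode == "strict":
        return [p for p in packets if strict_rpf(fib, p[0], p[1])]
    return [p for p in packets if loose_rpf(fib, p[0])]


if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, filter_packets(FIB, SAMPLE_PACKETS, mode))
```

Two things worth noticing in the output. Strict mode drops the customer address that shows up on the peer port, which is exactly the spoofing case the check exists for, but it accepts anything on eth0 because the default route points there: on the upstream-facing interface the strict check degenerates to "accept all", and loose mode only ever rejects sources with no route or a discard route. That is why reverse-path checks are deployed at the edges where address assignments are known, and why they do not by themselves stop a flood of randomly spoofed sources arriving from the core.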

