[34632] in North American Network Operators' Group
Re: Using unallocated address space - for DoS?
daemon@ATHENA.MIT.EDU (Sean Donelan)
Wed Feb 14 20:19:17 2001
Date: 14 Feb 2001 17:14:55 -0800
Message-ID: <20010215011455.65.cpmta@c004.sfo.cp.net>
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: nanog@merit.edu
From: Sean Donelan <sean@donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu

On Wed, 14 February 2001, "Miguel A.L. Paraz" wrote:
> On Wed, Feb 14, 2001 at 09:21:32AM -0500, Steven M. Bellovin wrote:
> > You don't have to break into the "right" router; you just have to start
> > announcing the networks in a way that your peers don't -- can't --
> > detect is improper.
>
> I did not mean that the network operator was malicious. I meant, in the same
> way that vulnerable servers are broken into and used for DoS, can routers
> be broken into and do DoS via blackholes? I think it is hard unless you
> know the right combination of vulnerable router (sniffable LAN?) and
> unprotected upstream or peer.

Once again, you don't need to break into someone else's routers. This
isn't an exploit list, so I'm not going to post a cookbook on how to do
it. But due to the limited protection in some networks, it remains a
relatively simple attack or accident waiting to happen.

Why break into a bank when you can push a button on the side of the
building and money comes out? Unlike a cash machine, where you need
to know at least a PIN in addition to some working bank account number,
you can wipe out almost any IP address you don't like with essentially
no authentication.