[4442] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Tue Sep 17 00:02:03 1996
Date: Mon, 16 Sep 1996 23:55:19 -0400
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
To: Tim Bass <bass@cactus.silkroad.com>
Cc: c-huegen@quad.quadrunner.com (Craig A. Huegen), kwe@6SigmaNets.com,
nanog@merit.edu, iepg@iepg.org
In-Reply-To: "[4439] in North American Network Operators' Group"

   (2) Using documented stochastic methods, look for the hidden
   pattern in the pseudo-random sequences. There are computer
   programs to do this, sorry, I would have to do a search to
   find one (they exist, however);

Watch out for this step, it's a doozey.
The attacker could be using a non-cryptographic random number
generator (like rand() or random()), but if he had a clue, he would be
using a cryptographic random number generator based on DES, IDEA, RC4,
etc., to generate the random bitstream to fill the headers.
He could also be using /dev/random on late-model Linux systems which
would probably be even harder to reverse-engineer.
- Bill
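
Added example, not part of the original message: a forensic check of the kind step (2) asks for, applied to the easy case the reply distinguishes, a non-cryptographic generator. It assumes the observed header values are consecutive 15-bit outputs of the sample rand() from the ISO C standard; the function names and the sample run are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constants of the sample rand() printed in the ISO C standard. Assumption
 * of this example: the tool under study used a generator of this shape. */
#define LCG_MUL 1103515245u
#define LCG_ADD 12345u

static uint32_t lcg_step(uint32_t s) { return s * LCG_MUL + LCG_ADD; }
static unsigned lcg_out(uint32_t s)  { return (s >> 16) & 0x7fffu; }

/* Try to explain obs[0..n-1] as consecutive outputs of that generator.
 * An output exposes state bits 16..30, and bit 31 never influences a later
 * output, so only the 16 hidden low bits have to be searched.
 * Returns the number of candidate states that reproduce the whole run; if
 * that is non-zero, *next_out is the value predicted to follow obs[n-1]. */
int fit_ansi_lcg(const unsigned *obs, size_t n, unsigned *next_out)
{
    int matches = 0;
    if (n == 0 || obs[0] > 0x7fffu) return 0;
    for (uint32_t low = 0; low < 0x10000u; low++) {
        uint32_t s = ((uint32_t)obs[0] << 16) | low;
        size_t i = 1;
        while (i < n && lcg_out(s = lcg_step(s)) == obs[i]) i++;
        if (i == n) {
            if (matches++ == 0) *next_out = lcg_out(lcg_step(s));
        }
    }
    return matches;
}

/* Constructed sample data: n successive outputs starting from seed. */
void sample_lcg(uint32_t seed, unsigned *out, size_t n)
{
    for (size_t i = 0; i < n; i++) out[i] = lcg_out(seed = lcg_step(seed));
}

int main(void)
{
    unsigned run[9], next = 0;
    sample_lcg(1u, run, 9);              /* constructed, not captured traffic */
    int m = fit_ansi_lcg(run, 8, &next);
    printf("matching states: %d, predicted next: %u, actual: %u\n", m, next, run[8]);
    return 0;
}
```

A run that fits lets the analyst predict later values and tie packets to one tool; a run filled from a cryptographic generator would not be expected to fit any candidate state, which is the limit the reply points out.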