[4507] in North American Network Operators' Group
Re: router syn/syn-ack/ack alarming...
daemon@ATHENA.MIT.EDU (Mr. Jeremy Hall)
Tue Sep 17 17:56:22 1996
From: "Mr. Jeremy Hall" <jhall@rex.isdn.net>
To: regisdo@microsoft.com (Regis Donovan)
Date: Tue, 17 Sep 1996 16:41:20 -0500 (CDT)
Cc: nanog@merit.edu
In-Reply-To: <c=US%a=_%p=msft%l=RED-89-MSG-960917202335Z-16009@mail2.microsoft.com> from "Regis Donovan" at Sep 17, 96 01:23:35 pm
-->
-->um... maybe i'm missing the clue here, but if the router vendors add
-->something that shuts down an interface if the SYN/SYN-ACK/ACK ratio
-->becomes too bad make it *easier* for me if i'm doing a denial of service
-->attack on a host?
-->
-->instead of denying service to a given host, all i have to do is drive
-->the router into alarm mode so it shuts off the interface and then i get
-->to deny service to an entire segment and everything downstream from that
-->segment...
-->
-->here's to better bang for your cracker-kiddie buck...
-->--regis
-->>
-->
That could potentially take out a pop, as each interface goes down due to
an attack.
--
-------------------------------------------
| Jeremy Hall Network Engineer |
| ISDN-Net, Inc Office +1-615-371-1625 |
| Nashville, TN and the southeast USA |
| jhall@isdn.net Pager +1-615-702-0750 |
-------------------------------------------
