[4945] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix\
daemon@ATHENA.MIT.EDU (Tim Bass)
Thu Oct 3 03:09:45 1996
From: Tim Bass <bass@cais.cais.com>
To: freedman@netaxs.com (Avi Freedman)
Date: Thu, 3 Oct 1996 03:06:15 -0400 (EDT)
Cc: bass@cactus.silkroad.com, nanog@merit.edu, iepg@iepg.org
In-Reply-To: <199610030646.CAA27328@access.netaxs.com> from "Avi Freedman" at Oct 3, 96 02:46:37 am
Two things:
(1)
>
> When there's nothing listening on those ports all the sockets, descriptors,
> queues, pcbs, etc... go away.
How about when a socket is actively listening?
(2)
Why when I do a traceroute to 0.0.0.4 or some similar bogus route,
the router does not send an ICMP destination unreachable error
back to me?
My plan tonight was to hack the tcp_err() routine for sockets in
the SYN_RECV state that is looking for an ACK and got an ICMP
UNREACHABLE instead.... however, the ICMP UNREACHABLE CLUES
never come. As my 5 year old nephew says.... " I NEED THAT !"
Shouldn't these error messages be returned 'as a rule' ??
Thanks,
Tim
