[4946] in North American Network Operators' Group


Re: New Denial of Service Attack on Panix

daemon@ATHENA.MIT.EDU (Tim Bass)
Thu Oct 3 04:04:06 1996

From: Tim Bass <bass@linux.silkroad.com>
To: bass@cais.cais.com (Tim Bass)
Date: Thu, 3 Oct 1996 03:57:42 -0400 (EDT)
Cc: freedman@netaxs.com, bass@cactus.silkroad.com, nanog@merit.edu,
        iepg@iepg.org
In-Reply-To: <199610030706.DAA05903@cais.cais.com> from "Tim Bass" at Oct 3, 96 03:06:15 am


Never mind the 'clear the sockets thing'; I just attack an inetd
port and then kill inetd and they go away, which allows me to
work faster in the lab.


I guess my real question to someone who is more familiar with
'RFC' history is the same as the last post...

Why when an attacked host sends a SYN,ACK to an UNREACHABLE
destination does the SYN,ACK just go down a black hole
without an ICMP message to the originator, when I use
0.0.0.4 as a spoofed address?

Shouldn't this be covered in an RFC somewhere as something
that must happen?  

The reason I ask is obvious.... if I could get the error message
I could have tcp_err() do some quick and dirty cleaning of
the queue (and at least have a piece of this puzzle in place..)


Thanks,

Tim
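
The queue cleanup proposed above, as an added example that is not part of the original post: a user-space model of a listen backlog in which an ICMP unreachable error frees the matching half-open entry. All names here (`half_open`, `icmp_quote`, `syn_received`, `unreachable_received`) are hypothetical and are not the kernel's `tcp_err()`; the model assumes an error actually comes back, which the post reports does not happen for 0.0.0.4.

```c
#include <stdint.h>

#define BACKLOG 4   /* constructed, deliberately tiny listen backlog */

/* One half-open connection: a SYN arrived and we answered with SYN,ACK. */
struct half_open {
    int      in_use;
    uint32_t peer_addr;              /* claimed (possibly spoofed) source */
    uint16_t peer_port, local_port;
    uint32_t iss;                    /* sequence number of our SYN,ACK */
};

/* Fields recoverable from an ICMP error, which quotes the IP header
 * plus the first 8 bytes (ports and sequence number) of our segment. */
struct icmp_quote {
    uint32_t dst_addr;               /* where the SYN,ACK was headed */
    uint16_t src_port, dst_port;
    uint32_t seq;
};

static struct half_open queue[BACKLOG];

/* Returns the slot used, or -1 when the backlog is full (SYN dropped). */
int syn_received(uint32_t addr, uint16_t pport, uint16_t lport, uint32_t iss)
{
    for (int i = 0; i < BACKLOG; i++) {
        if (!queue[i].in_use) {
            queue[i] = (struct half_open){1, addr, pport, lport, iss};
            return i;
        }
    }
    return -1;
}

/* Hypothetical cleanup hook: free an entry only when the quoted header
 * matches a SYN,ACK we really sent (addresses, ports, sequence number),
 * so a forged error cannot evict a legitimate handshake.
 * Returns 1 if a slot was freed, 0 otherwise. */
int unreachable_received(const struct icmp_quote *q)
{
    for (int i = 0; i < BACKLOG; i++) {
        struct half_open *h = &queue[i];
        if (h->in_use && h->peer_addr == q->dst_addr &&
            h->local_port == q->src_port && h->peer_port == q->dst_port &&
            h->iss == q->seq) {
            h->in_use = 0;
            return 1;
        }
    }
    return 0;
}
```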

