[4980] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix\
daemon@ATHENA.MIT.EDU (Matt Zimmerman)
Thu Oct 3 17:00:30 1996
Date: Thu, 3 Oct 1996 16:55:14 -0400 (EDT)
From: Matt Zimmerman <mdz@netrail.net>
To: Tim Bass <bass@linux.silkroad.com>
cc: nanog@merit.edu, iepg@iepg.org
In-Reply-To: <199610030757.DAA00172@linux.silkroad.com>
[CC: list rigorously trimmed]
On Thu, 3 Oct 1996, Tim Bass wrote:
> Why when an attacked host sends a SYN,ACK to an UNREACHABLE
> destination does the SYN,ACK just go down a black hole
> without an ICMP message to the originator, when I use
> 0.0.0.4 as a spoofed address?
>
> Shouldn't this be covered in an RFC somewhere as something
> that must happen?
RFC792:
If, according to the information in the gateway's routing tables,
the network specified in the internet destination field of a
datagram is unreachable, e.g., the distance to the network is
infinity, the gateway may send a destination unreachable message
to the internet source host of the datagram. In addition, in some
networks, the gateway may be able to determine if the internet
destination host is unreachable. Gateways in these networks may
send destination unreachable messages to the source host when the
destination host is unreachable.
ICMP unreachable messages are optional in any case, but there seems to be
a singularity about 0/8. Does anyone know why this is?
Try using a different bogus source address...
--
// Matt Zimmerman Chief of System Management NetRail, Inc.
// mdz@netrail.net sales@netrail.net
// (703) 524-4800 [voice] (703) 516-0500 [data] (703) 534-5033 [fax]
