[68433] in North American Network Operators' Group
Re: Counter DoS
daemon@ATHENA.MIT.EDU (Gregory Taylor)
Thu Mar 11 16:01:26 2004
Date: Thu, 11 Mar 2004 12:54:51 -0800
From: Gregory Taylor <greg@xwb.com>
To: Rachael Treu <rara@navigo.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Yes, lets allow the kiddies who already get away with as little work as
they can in order to produce the most destruction they can, the ability
to use these 'Security Systems' as a new tool for DoS attacks against
their enemies.
Scenerio:
Lets say my name is: l33th4x0r
I want to attack joeblow.cable.com because joeblow666 was upset that I
called his mother various inappropriate names.
I find IP for joeblow.cable.com to be 192.168.69.69
I find one of these 'security' systems, or multiple security systems,
and i decide to forge a TCP attack from 192.168.69.69 to these 'security
systems'.
These 'security systems' then, thinking joeblow is attacking their
network, will launch a retaliatory attack against the offender,
192.168.69.69 thus destroying his connectivity.
Kiddie 1 Joeblow 0 The Internet as a whole 0
Greg
Rachael Treu wrote:
>Mmm. A firewall that lands you immediately in hot water with your
>ISP and possibly in a courtroom, yourself. Hot.
>
>Legality aside...
>
>I don't imagine it would be too hard to filter these retaliatory
>packets, either. I expect that this would be more wad-blowing
>than cataclysm after the initial throes, made all the more ridiculous
>by the nefarious realizing the new attack mechanism created by these
>absurd boxen. A new point of failure and an amplifier rolled all
>into one! Joy!
>
>More buffoonery contributed to the miasma. Nice waste of time,
>Symbiot. Thanks for the pollution, and shame on the dubious ZDnet
>for perpetuating this garbage.
>
>ymmv,
>--ra
>
>
>
