[733] in Intrusion Detection Systems


Re: c4i-pro Denial-of-service at panix

daemon@ATHENA.MIT.EDU (cyberclay)
Wed Sep 18 04:45:52 1996

Date: Mon, 16 Sep 1996 08:21:44 -0400 (EDT)
To: ids@uow.edu.au
From: cyberclay <cyberc29@mail.idt.net>
Reply-To: ids@uow.edu.au

At 12:16 PM 9/13/96 -0700, you wrote:
>Forwarded as a matter of interest.
>frank
>&&&&&&&&&&&&
>X-Authentication-Warning: azure.stl.nps.navy.mil: majordom set sender to owner-c4i-pro@stl.nps.navy.mil using -f
>From: Don McGregor <mcgredo@stl.nps.navy.mil>
>Subject: c4i-pro Denial-of-service at panix
>[...]
>
>Don McGregor <mcgredo@stl.nps.navy.mil>
>
>It seems that panix, a New York internet service provider, is undergoing
>a denial-of-service attack.
>
>The writeup for the masses is at
>
>http://www.washingtonpost.com/wp-srv/WPlate/1996-09/12/156L-091296-idx.html
>
>The technical details are at
>
>http://www.fc.net/phrack/files/p48/p48-14.html
>
>The attack described in the phrack article is actually much more
>sophisticated than that apparently used by the panix attacker.
>The panix guy is apparently only using the denial-of-service
>portion, rather than the full-on IP spoofing approach described
>by daemon9, of which denial-of-service is one part.
>
>
>frank swift (510) 422-1463 uncl@llnl.gov (510) 423-0913 fax
>Key fingerprint =  1A 14 02 5A 76 B2 BD 47  C0 3E ED 9A C5 3B 81 2D
>
>

Hmmm...interesting.  Strange how such a big ISP had no protection against
such things.  There are rumors going round the "underground" about how to
stop this type of thing.  One person said that they should just make the
buffer bigger.  Hah.  This would just cause the attacker to send more
packets, at a faster rate.  There are two points of this attack that
particularly interest me.

First, there really isn't much of a solution.  It would take too long for
all the ISPs to put up guards against this type of thing.  SYN is the way
of the net.

Second, anyone can do this.  I have the file up at my site, because I want
people to know this.  If I wanted people to take down ISPs, I would have
stuck the compiled version up there...that way everyone could use it, not
just the people with Microsoft Visual C++.

Just some of my opinions...

Regards,
  cyberclay

---------------------------------------------------------------------------
"We are the music makers. We are the dreamers of the Dreams. We are smarter
                        than you.  We will survive."

Check out my web site. I have files, links, and lots of other k-rad stuff
                                    :-þ
                      http://shell.idt.net/~cyberc29
                                    :-þ
---------------------------------------------------------------------------
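The claim above, that enlarging the half-open connection buffer only raises the packet rate the attacker has to sustain, can be made concrete with a small model. The Python below is an added illustration; it is not code from the original post, from the Phrack article it links to, or from any kernel. It assumes a fixed-size table of half-open (SYN_RECEIVED) entries, a fixed per-entry timeout after which an unanswered entry is dropped, spoofed attack SYNs that never complete the handshake, legitimate SYNs that complete after one round trip, and evenly spaced arrivals; all of these are modelling assumptions, not details taken from the page.

```python
"""Toy model of a TCP listen backlog under a SYN flood (added illustration).

Modelling assumptions (not from the original post):
  * the host keeps `capacity` half-open (SYN_RECEIVED) slots per listener;
  * an entry whose final ACK never arrives is freed after `timeout` seconds;
  * a SYN that arrives while every slot is occupied is dropped;
  * attack SYNs carry spoofed sources, so they never complete and hold a
    slot for the whole timeout; legitimate SYNs complete after `rtt` seconds.
"""
import heapq
from dataclasses import dataclass, field


@dataclass
class Backlog:
    capacity: int
    timeout: float
    # min-heap of expiry times, one per occupied half-open slot
    _slots: list = field(default_factory=list)

    def _expire(self, now: float) -> None:
        """Free every slot whose hold time has elapsed by `now`."""
        while self._slots and self._slots[0] <= now:
            heapq.heappop(self._slots)

    def accept_syn(self, now: float, hold: float) -> bool:
        """Try to seat a SYN arriving at `now`; the slot is held for `hold` s."""
        self._expire(now)
        if len(self._slots) >= self.capacity:
            return False          # backlog full: SYN silently dropped
        heapq.heappush(self._slots, now + hold)
        return True

    def half_open(self, now: float) -> int:
        self._expire(now)
        return len(self._slots)


def saturating_rate(capacity: int, timeout: float) -> float:
    """Steady-state SYN rate that keeps the backlog full: capacity / timeout.

    Doubling the buffer doubles this number and nothing else; a spoofed SYN
    costs the attacker a few dozen bytes, so the bar rises only linearly.
    """
    return capacity / timeout


def simulate(capacity: int, timeout: float, attack_rate: float,
             legit_rate: float, duration: float, rtt: float = 0.1) -> float:
    """Interleave attacker and legitimate SYNs for `duration` seconds.

    Returns the fraction of legitimate SYNs that obtained a slot. Arrivals are
    evenly spaced (constructed, deterministic input) so runs are reproducible;
    legitimate SYNs are offset by half a period so they never collide with
    the attacker's clock.
    """
    backlog = Backlog(capacity, timeout)
    events = []
    if attack_rate > 0:
        events += [(i / attack_rate, "attack")
                   for i in range(int(attack_rate * duration))]
    events += [(i / legit_rate + 0.5 / legit_rate, "legit")
               for i in range(int(legit_rate * duration))]
    events.sort()

    served = total = 0
    for now, kind in events:
        if kind == "attack":
            backlog.accept_syn(now, timeout)      # never completes
        else:
            total += 1
            served += backlog.accept_syn(now, rtt)
    return served / total if total else 1.0


if __name__ == "__main__":
    TIMEOUT = 75.0   # assumed SYN_RECEIVED lifetime in seconds
    for cap in (128, 1024, 8192):
        rate = saturating_rate(cap, TIMEOUT)
        print(f"backlog {cap:5d}: attacker needs {rate:6.1f} SYN/s "
              f"({rate * 60:8.0f} bytes/s at 60-byte packets)")
    for atk in (1.0, 10.0, 20.0):
        ok = simulate(1024, TIMEOUT, attack_rate=atk, legit_rate=1.0, duration=300)
        print(f"backlog 1024, {atk:4.1f} attack SYN/s: {ok:.0%} of legit SYNs seated")
```

The output makes the post's point quantitatively: at a 75 second timeout a 128-slot backlog is held shut by under two SYNs per second, and an eight-fold larger one by fourteen; the attacker's cost grows in step with the buffer while the defender's cost is the memory for every slot.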
