[11232] in bugtraq


Re: FW-1 DOS attack: PART II

daemon@ATHENA.MIT.EDU (Spitzner, Lance)
Tue Aug 3 07:52:08 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.SO4.4.02.9907312329020.9052-100000@spitzner.net>
Date:         Sat, 31 Jul 1999 23:32:19 -0500
Reply-To: lance@SPITZNER.NET
From: "Spitzner, Lance" <lance@SPITZNER.NET>
X-To:         James E McWilliams <James.E.Mcwilliams@kp.org>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <"0163337A3C7D1002*/c=us/admd=
              /prmd=kp/o=notes/s=Mcwilliams/g=James/i=E/"@MHS>

On 31 Jul 1999, James E McWilliams wrote:

> Good write up on the page. I have a wild one for you: in the INSPECT code, do you think this problem can be solved?  I am going to start looking at it tonight and see what I can get going with it.  One more question I had: I only heard back from one person saying they filled up the connections on a LINUX proxy based FW in the same manner with NMAP. I was wondering if this would work on other FWs?

Excellent question about the use of Inspect; I do not know.  I
talked to several hardcore gurus; it may be possible.  If you
come up with anything, let us know!  Meanwhile, I'll be
taking a stab at it myself :)

As for other FWs, I don't know.  You would have to learn how
their connections table works.

> You might be on to something big...

Bigger than I thought.  I hope this doesn't blow up in my face :)

Lance
http://www.enteract.com/~lspitz
