[13161] in bugtraq

Re: The "Mac DoS Attack," a Scheme for Blocking Internet

daemon@ATHENA.MIT.EDU (der Mouse)
Fri Dec 31 03:53:50 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-Id:  <199912301900.OAA03626@Twig.Rodents.Montreal.QC.CA>
Date:         Thu, 30 Dec 1999 14:00:49 -0500
Reply-To: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
From: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

> [...new(?) smurf-style DoS attack...]

> Prevention
> [...]
> The Internet Service Providers (ISPs) must take action to drop long
> ICMP packets in the backbone networks (any packet longer than 1499
> bytes, at least).

This strikes me as a very bad idea.  It's rather like saying, NFS can
be used to attack insecure machines, so let's block NFS packets on
long-haul links: yes, it's true that such attacks are possible, but the
facility is useful and the *correct* thing to do is to secure the
insecure machines, not break the (useful) underlying facility for
everyone else.  (Rather like the SSRR and LSRR IP options, though I
realize *that* fight was in practice lost long ago.)

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
