From owner-freebsd-security  Sun Feb 25 10:21:28 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id KAA10142
          for security-outgoing; Sun, 25 Feb 1996 10:21:28 -0800 (PST)
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id KAA10135
          for <freebsd-security@FreeBSD.ORG>; Sun, 25 Feb 1996 10:21:25 -0800 (PST)
Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.8.2/19Aug95-0530PM)
	id AA15742; Sun, 25 Feb 1996 13:21:16 -0500
Date: Sun, 25 Feb 1996 13:21:16 -0500
From: "Garrett A. Wollman" <wollman@lcs.mit.edu>
Message-Id: <9602251821.AA15742@halloran-eldar.lcs.mit.edu>
To: Warner Losh <imp@village.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Alert: UDP Port Denial-of-Service Attack (fwd) 
In-Reply-To: <199602240437.VAA14882@rover.village.org>
References: <199602240437.VAA14882@rover.village.org>
Sender: owner-security@FreeBSD.ORG
Precedence: bulk

<<On Fri, 23 Feb 1996 21:37:20 -0700, Warner Losh <imp@village.org> said:

> You'd not have these services :-)  Usually the daytime service can be
> moderately useful, since it doesn't suffer from the bombing problems
> (sure, you can get it to generate a packet, but it will be only
> one).

However, it is trivial to get the daytime service to ping-pong with
the echo service.  Same thing for the chargen service (don't know what
purpose that serves...)

> UDP is, at present, the only thing impacted.  It only takes one rogue
> packet to set them jabbering at each other (which is one reason we
> don't allow any IP packets with "src" of one of our netblock through
> our firewall).

Of course, that doesn't help you if the forged source is on someone
else's network...

> I don't see how a TCP attack could succeed given the
> three way handshake that is required by TCP to establish a connection.

Guess the Initial Sequence Number.  On old BSD systems, this was
almost trivial.  On modern BSD systems, this is much more difficult.

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant