From owner-freebsd-hackers  Sat May  3 03:34:54 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id DAA22427
          for hackers-outgoing; Sat, 3 May 1997 03:34:54 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id DAA22422
          for <hackers@FreeBSD.ORG>; Sat, 3 May 1997 03:34:47 -0700 (PDT)
Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.7.3) id UAA07424; Sat, 3 May 1997 20:35:21 +1000 (EST)
Date: Sat, 3 May 1997 20:35:20 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Adrian Chadd <adrian@obiwan.psinet.net.au>
cc: hackers@FreeBSD.ORG
Subject: Re: SPAM target
In-Reply-To: <Pine.BSF.3.95q.970503165208.9426B-100000@obiwan.psinet.net.au>
Message-ID: <Pine.BSF.3.91.970503203316.4479O-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk



On Sat, 3 May 1997, Adrian Chadd wrote:

> 
> > A T1 line is capable of 192kbytes/sec, so 192 collaborators would be able 
> > to saturate a T1 line with essentially zero cost to themselves.  Because 
> > of the spoofed src addresses, the cost of receiving the RST packets is 
> > spread throughout the entire Internet.
> > 
> 
> Try making the src IP 127.0.0.1 .. I don't know how many people firewall
> packets at their routers with a source IP of that (which reminds me, I
> have to *grin*)

Many do.  That's why src host should be randomly "real".
 
> Problem is Linux DOES have some interesting (development) anti-DoS code 
> (someone have a look at the 2.0.30 kernel, or the ISS patches to 2.0.29).

Who cares about Linux?  Forget the host, just saturate their link, and 
stop people reading their web pages.

Another target is ispam.net.
 
Danny