From owner-freebsd-security Fri Jan 21 15:39:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 58B5315620 for ; Fri, 21 Jan 2000 15:39:34 -0800 (PST) (envelope-from brett@lariat.org) Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id QAA25728; Fri, 21 Jan 2000 16:39:17 -0700 (MST) Message-Id: <4.2.2.20000121163754.0198a470@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Fri, 21 Jan 2000 16:39:14 -0700 To: Brad Guillory , freebsd-security@FreeBSD.ORG From: Brett Glass Subject: Re: Some observations on stream.c and streamnt.c In-Reply-To: <20000121171759.D56672@baileylink.net> References: <200001212258.OAA64329@apollo.backplane.com> <200001212258.OAA64329@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 04:17 PM 1/21/2000 , Brad Guillory wrote: >I don't understand how a "script kiddie" is going to garner the bandwidth >to run an attack into the multi-megabit range. This is not a leveraged >attack (right?). What kind of packet rate are we talking about to reboot >a system, I understand that this will depend on the equipment, but I am >interested in any numbers that would allow me to evaluate the real impact >that this DOS will have. Most people that have enough bandwidth to launch >a multi-megabit attack have better things to do than (or is it then) to pick >on me. Have you ever heard of Tribe Flood Network? Stacheldraht? It's possible to HIJACK the bandwidth from all over the net. Your upstream ISP's router focuses the attack on your system like a magnifying glass gathering the sun's rays. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message