Date: Fri, 21 Jan 2000 22:59:15 -0800 (PST)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: dillon@apollo.backplane.com (Matthew Dillon)
Cc: zeus@tetronsoftware.com (Gene Harris), freebsd-security@FreeBSD.ORG, brett@lariat.org (Brett Glass)
Subject: Re: Follow Up to NT DoS w/stream
Message-ID: <200001220659.WAA60141@gndrsh.dnsmgr.net>
In-Reply-To: <200001220646.WAA68092@apollo.backplane.com> from Matthew Dillon at "Jan 21, 2000 10:46:55 pm"

> :I then played around, using the FreeBSD box to launch an
> :attack with the command ./stream 10.255.255.255 0 0 10000.
> :Oh WOW!  The network came to a screeching halt.  An old
> :100 MHz Pentium laptop stopped responding, and a much
> :newer Windows 98 machine slowed noticeably.  The collision
> :light went from an occasional blink to pegged on the
> :network hub.  The NT machine took forever to read from the CD
> :ROM on the Win98 machine.  The linux box stopped responding
> :altogether.  No machine crashed.  I ran the attack for 30
> :minutes.  As soon as the attack was terminated, all boxes
> :returned to normal activity.
> :
> :(One interesting side note.  The Redhat machine would not let
> :me attempt a stream attack with 10.255.255.255.  It would
> :only return a socket: permission denied error.)
> :
> :*==============================================*
> :*Gene Harris      http://www.tetronsoftware.com*
>
>     Yes, this is called a broadcast attack.  One of the most important
>     rule sets you should have in your border router is to filter out
>     any external packets sent to your internal broadcast address, so
>     people outside your network can't saturate it with internal machine
>     responses.
>
>     IRC hackers often use open broadcast addresses to mount attacks on
>     third parties.

And people wonder how we get to 300 and 400 rule filter sets :-).  We
are now just over 100 rules just for IP broadcast addresses... and that's
only protecting a very densely subnetted /22 (lots of p2p /30's in it).

-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net
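
Added example (not part of the original message, and not the rule set Rod Grimes describes): a sketch of why a broadcast filter list grows with subnetting. It derives the directed-broadcast address of every subnet in a constructed 10.1.0.0/22 plan and emits one ipfw deny rule per address; the interface name fxp0, the rule numbering and the address plan itself are assumptions.

```python
"""Build ipfw rules that drop outside packets aimed at internal
directed-broadcast addresses. Constructed example, not from the thread."""
import ipaddress

EXT_IF = "fxp0"      # assumption: name of the external (border) interface
FIRST_RULE = 1000    # assumption: first ipfw rule number to use


def constructed_plan():
    """Constructed plan: a /22 with two /25 LANs, two /27s and the
    last /24 carved entirely into point-to-point /30s."""
    block = ipaddress.ip_network("10.1.0.0/22")
    quarters = list(block.subnets(new_prefix=24))
    lans = list(quarters[0].subnets(new_prefix=25))
    small = list(quarters[1].subnets(new_prefix=27))[:2]
    p2p = list(quarters[3].subnets(new_prefix=30))
    return block, lans + small + p2p


def broadcast_targets(subnets, include_network_addr=False):
    """Return the sorted, de-duplicated addresses to filter.

    /31 and /32 prefixes have no broadcast address and are skipped.
    include_network_addr also covers the all-zeros host address, which
    some stacks treat as an old-style broadcast."""
    targets = set()
    for net in subnets:
        if net.prefixlen >= 31:
            continue
        targets.add(net.broadcast_address)
        if include_network_addr:
            targets.add(net.network_address)
    return sorted(targets)


def ipfw_rules(targets, ext_if=EXT_IF, first=FIRST_RULE):
    """One deny rule per address, matched only on packets arriving
    on the external interface."""
    return [f"ipfw add {first + i} deny ip from any to {addr} in via {ext_if}"
            for i, addr in enumerate(targets)]


if __name__ == "__main__":
    block, subnets = constructed_plan()
    if not all(net.subnet_of(block) for net in subnets):
        raise SystemExit("plan contains a subnet outside the block")
    rules = ipfw_rules(broadcast_targets(subnets, include_network_addr=True))
    print("\n".join(rules))
    print(f"# {len(rules)} rules for {len(subnets)} subnets in {block}")
```

Each subnet contributes its own broadcast address, so the 64 /30s from a single /24 account for most of the list.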