From: ichudov@Algebra.COM (Igor Chudov @ home)
To: mpd@netcom.com (Mike Duvos)
Message Hash: 99cf50a847c3ef92cb4207984ad768a05e96badbb1763770fca8b98c5fe8d020
Message ID: <199706070111.UAA26287@manifold.algebra.com>
Reply To: <199706062352.QAA18259@netcom3.netcom.com>
UTC Datetime: 1997-06-07 01:18:40 UTC
Raw Date: Sat, 7 Jun 1997 09:18:40 +0800
Subject: Re: Trash your Enemy's Server
Mike Duvos wrote:
>
>
> Igor writes:
>
> [C program which allegedly does a DoS attack on a server]
>
> I thought the correct way to do this was to spew packets with random
> return addresses and fill up the host's listen table with half open TCP
> connections waiting to time out.

There are patches that protect against this. The DoS attack that you mention
has been beaten to death in BugTraq and other places. It worked great until
all major OSes were patched. (Of course, some backwards sites still run
unpatched OSes.)

It is very hard to protect against my attack, because it can only be done
at the application level. xinetd _may_ be helpful, though, if the service
being attacked is started from [x]inetd.

> Opening 1,000 genuine TCP connections to a host wastes both the host's
> resources as well as yours, and is a tad obvious should your target
> log packets with your IP address in them.

Yes, BUT most typically a new connection creates only a new file
descriptor on the host, and a whole new process on the target host.

- Igor.
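
An added example, not part of the original message: a small model of the application-level admission control the reply points to, in the spirit of xinetd's `instances` and `per_source` attributes, replayed over a constructed connection log. The class and function names, the limits and the addresses are assumptions made for illustration.

```python
from collections import Counter

class ConnectionGate:
    """Admission control for a process-per-connection service (hypothetical helper)."""

    def __init__(self, max_total, max_per_source):
        self.max_total = max_total            # overall cap on concurrent children
        self.max_per_source = max_per_source  # cap per client address
        self.active = Counter()               # source IP -> open connections
        self.refused = Counter()              # source IP -> refused attempts

    def admit(self, src):
        """Return True if a new child process may be started for this client."""
        over_source = self.active[src] >= self.max_per_source
        over_total = sum(self.active.values()) >= self.max_total
        if over_source or over_total:
            self.refused[src] += 1            # worth logging: feeds suspects()
            return False
        self.active[src] += 1
        return True

    def release(self, src):
        if self.active[src] > 0:
            self.active[src] -= 1

    def suspects(self, min_refused):
        """Sources refused at least min_refused times, for alerting."""
        return sorted(ip for ip, n in self.refused.items() if n >= min_refused)

def replay(events, max_total=8, max_per_source=3):
    """Run (action, source) events through a gate; return the gate and accept counts."""
    gate = ConnectionGate(max_total, max_per_source)
    accepted = Counter()
    for action, src in events:
        if action == "open":
            if gate.admit(src):
                accepted[src] += 1
        else:
            gate.release(src)
    return gate, accepted

# Constructed sample: one source opens 20 connections and never closes them,
# followed by two ordinary clients (documentation-range addresses).
EVENTS = ([("open", "192.0.2.10")] * 20
          + [("open", "198.51.100.7"), ("close", "198.51.100.7"),
             ("open", "203.0.113.5"), ("open", "203.0.113.5")])

if __name__ == "__main__":
    for per_source in (3, 8):  # 8 == max_total, i.e. no effective per-source cap
        gate, accepted = replay(EVENTS, 8, per_source)
        print(per_source, dict(accepted), gate.suspects(10))
```

With only the overall cap in force, the single source holds every slot and the ordinary clients are refused; with the per-source cap it is held to three children and stands out in the refusal counts.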