mailing list archives
Re: Denial of Service Attacks INFO
From: fc () all net (Fred Cohen)
Date: Thu, 23 May 1996 16:13:26 -0400
Matthew (matt () ott opcom ca) wrote:
On a similar note, a more practical example is this
condition will occur if any NFS request (mount, getattr, etc.
etc.) has the source IP field set to 127.0.0.1. This can
happen in certain circumstances - I believe there is a patch
for HP/UX 9.x under certain platforms that prevents this
specific condition from occurring. (Any HP that mounts a
SunOS 4.1.x server could cause it to crash merely by mounting
If anyone is feeling frisky, start playing with a SunOS box
and try injecting spurious IP packets onto the wire... since
SunOS doesn't have the nifty DLPI interface that Solaris has,
it is probably susceptible to many, many similar attacks
using the standard IP stack.
Indeed, ipsend tests crash many boxes at this time, and that's just
using standard off-the shelf tests.
The way to stop many of these classes of attacks from over the Internet
is to follow the recommendations in "Eliminating IP Address Forgery"
(available at http://all.net/ under the Info-Sec Super Journal in
"Network Security") - however, these techniques will not stop them all.
From port: 7
To port: 11
When each is a legitimate address will cause such a loop. Since each is
a legitimate address and each is on a different service port, even some
fairly sophistocated router-based defenses fail. Good advice is to turn
off all UDP services that don't have strict format requirements.
-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 330-686-0090 - PO Box 1480, Hudson, OH 44236