Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Attacks on GRC.com

Re: Attacks on GRC.com

From: Vern Paxson <vern_at_icir.org>
Date: Thu, 28 Feb 2002 17:24:58 -0800

> One issue with reflective DDoS attacks is that traditional IP Traceback
> protocols usually only send the itrace messages either to the destination
> IP or along with the packet, which means that the reflectors, not
> the victim, get the itrace messages about the path(s) to the actual
> attacker. The topic came up in that class I took about perhaps sending
> the itrace messages to both the source and destination IPs, which
> would send itrace messages to the victim in reflective DDoS (since
> the spoofed source IP is the victim's along the path from the attacker
> to the reflector), but could also lead to increased traffic depending
> on implementation. I am not sure if this idea is being researched
> at the moment.

See my paper:

        An Analysis of Using Reflectors for Distributed Denial-of-Service
        Attacks, V. Paxson, Computer Communication Review 31(3), July 2001.

        http://www.icir.org/vern/papers/reflectors.CCR.01/index.html

- Vern

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Mar 01 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos