|
Vulnerability Development
mailing list archives
Re: Naptha - New DoS
From: AV <av () GREMLIN RU>
Date: Mon, 11 Dec 2000 18:47:40 +0300
Mon, 11 Dec 2000 09:47:54 +0100 Stephane Aubert wrote:
Overview of the attack
======================
This attack can be launched from several sources (such as ddos
infected computers or else) and use a very specific RESET server.
[snip]
New idea:
---------
In order to consume resources on the victim ONLY and deny it, we use a
reset server to close the connection on the attacker side.
Possibly, it's a good solution to use something similar to the traffic
shaper, which should permit no more than MAX_CONN_PER_IP open
connections from one given IP. I suppose, now it is a "must have"
feature of every firewall. The only disadvantage I can suggest: the
attacker may use more than one computer to launch the exploit, but
finding an additional computer is much harder than a number of loop
iterations.
---
Alexey V. Vissarionov,
av () gremlin ru
 By Date 
By Thread
Current thread:
- Re: Naptha - New DoS, (continued)
Re: Naptha - New DoS Jonas Thambert (Dec 09)
Re: Naptha - New DoS M ixter (Dec 09)
| 
Intro
