Date: Fri, 21 Jan 2000 22:46:55 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Gene Harris <zeus@tetronsoftware.com>
Cc: freebsd-security@freebsd.org, Brett Glass <brett@lariat.org>
Subject: Re: Follow Up to NT DoS w/stream
Message-ID: <200001220646.WAA68092@apollo.backplane.com>
References: <Pine.BSF.4.10.10001220019130.5546-100000@tetron02.tetronsoftware.com>

:I then played around, using the FreeBSD box to launch an
:attack with the command ./stream 10.255.255.255 0 0 10000.
:Oh WOW! The network came to a screeching halt. An old
:laptop 100 MHz Pentium laptop stopped responding, and a much
:newer Windows 98 machine slowed noticeably. The collision
:light went from an occasional blink to pegged on the
:network hub. The NT machine took forever to read from the CD
:ROM on the Win98 machine. The linux box stopped responding
:altogether. No machine crashed. I ran the attack for 30
:minutes. As soon as the attack was terminated, all boxes
:returned to normal activity.
:
:(One interesting side note. The Redhat machine would not let
:me attempt a stream attack with 10.255.255.255. It would
:only return a socket: permission denied error.)
:
:*==============================================*
:*Gene Harris http://www.tetronsoftware.com*

    Yes, this is called a broadcast attack. One of the most important
    rule sets you should have in your border router is to filter out any
    external packets sent to your internal broadcast address, so people
    outside your network can't saturate it with internal machine responses.

    IRC hackers often use open broadcast addresses to mount attacks on
    third parties.

					-Matt
					Matthew Dillon
					<dillon@backplane.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
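Added example, not part of the original message or of any FreeBSD tooling: one way to derive the border filter described in the reply, by computing the directed-broadcast address of each internal prefix and emitting an ipfw deny rule that matches only packets arriving on the external interface. The interface names `fxp0`/`fxp1`, the `192.168.1.0/24` prefix, the rule numbers and the helper names are assumptions for illustration; `10.0.0.0/8` is chosen so that its broadcast address is the 10.255.255.255 from the thread.

```python
import ipaddress

def directed_broadcasts(prefixes, include_all_zeros=False):
    """Directed-broadcast address of every internal IPv4 prefix, sorted and unique."""
    addrs = set()
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix, strict=True)
        if net.version != 4 or net.prefixlen >= 31:
            continue  # /31 and /32 have no broadcast address
        addrs.add(net.broadcast_address)
        if include_all_zeros:
            # Optional: some old stacks also treat the all-zeros host as broadcast.
            addrs.add(net.network_address)
    return sorted(addrs)

def ipfw_rules(prefixes, ext_if, start=100, step=10, **kw):
    """One deny rule per broadcast address, matching only inbound on ext_if."""
    return [
        f"ipfw add {start + i * step} deny log ip from any to {addr} in via {ext_if}"
        for i, addr in enumerate(directed_broadcasts(prefixes, **kw))
    ]

def verdict(in_if, dst, prefixes, ext_if):
    """What the generated rules do to a packet arriving on in_if for dst."""
    blocked = ipaddress.ip_address(dst) in directed_broadcasts(prefixes)
    return "deny" if in_if == ext_if and blocked else "allow"

# Constructed sample network (assumed values, not from the thread).
INTERNAL = ["10.0.0.0/8", "192.168.1.0/24"]
EXT_IF = "fxp0"   # assumed external interface name

if __name__ == "__main__":
    for rule in ipfw_rules(INTERNAL, EXT_IF):
        print(rule)
    # Constructed packets: (ingress interface, destination address)
    for in_if, dst in [("fxp0", "10.255.255.255"),   # external -> broadcast
                       ("fxp1", "10.255.255.255"),   # internal -> broadcast
                       ("fxp0", "10.1.2.3")]:        # external -> ordinary host
        print(in_if, dst, verdict(in_if, dst, INTERNAL, EXT_IF))
```

Internal hosts can still use their own broadcast address because the rules match only traffic received on the external interface.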