On Sun, 21 Jun 1998, Brett Frankenberger wrote:
I fell out of my chair at that statement. One user/host cannot be a smurf amplifier; one network from a /30 and down can with different results.
If I modify my kernel to generate 100 ECHO REPLYs for each ICMP ECHO I receive, how is my PC significantly different than a /24 behind a router that doesn't have "no ip directed-broadcast" (or its equivalent) configured, with 100 devices on it that all respond to ICMP ECHOs addressed to the broadcast address?
Point noted. Damn, I get stuck every time I use a blanket statement like that. True, in your case it could be possible, but modifying the kernel of a workstation to behave like that would be somewhat foolish since it would be easily tracked back to that workstation's IP address by the traffic log most clued admins would put in place when they found they were under attack. If someone is capable of modifying the kernel of a machine that doesn't belong to them, then smurf is the least of their worries; they've got a compromise to deal with. And I think in the case you've presented, it would be easy to point back to the compromised host, not that it would do you any good if the people responsible wouldn't act on the problem.
I'm not saying that I believe this rumor (or even that I've heard it before now), nor am I saying that the rumor has as much thought behind it as my previous paragraph does, nor am I saying that if you were going to implement such a thing on a Windows machine that you would implement it in system.exe. (I'm not even saying that system.exe exists.)
Hehe... Plausible (sp?) deniability? :)
But I am saying that such a thing is technically feasible. And I am saying that there are people out there who are not above writing a virus that facilitates the use of other people's machines in DOS attacks.
Agreed. I think to be more accurate, I should say that an instance like that hasn't presented itself yet. But, it's entirely possible someone with half a clue might be able to do it on a Windows box, and it's certainly possible on various UN*X platforms. The question is, would someone with that kind of skill be willing to do something with those kinds of implications? If they are capable of that then a smurf attack is somewhat trivial. However, I think we're getting off topic for the list, but I'd be more than happy to continue this discussion off-list.
- Brett (brettf@netcom.com)
Regards, Joe Shaw - jshaw@insync.net NetAdmin - Insync Internet Services