Jon Lewis <jlewis@inorganic5.fdt.net> writes:
Unless I'm mistaken, forged UDP requires root access and (at the volume we received) was likely from a host with T1 or better connection to the net.
You just described nearly every PeeCee at nearly every higher educational institution in North America and northern Europe, and several parts of Asia, too.
Sean.
On 14 Jul 1997, Sean M. Doran wrote:
Jon Lewis <jlewis@inorganic5.fdt.net> writes:
Unless I'm mistaken, forged UDP requires root access and (at the volume we received) was likely from a host with T1 or better connection to the net.
You just described nearly every PeeCee at nearly every higher educational institution in North America and northern Europe, and several parts of Asia, too.
True. Someone else already pointed that out, but mentioned that at their institution, many of the points on the network where students have access to PC's are filtered to prevent such abuse. The typical university campus is likely subnetted and littered with routers more than capable of filtering for their subnet of campus.
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
Sean M. Doran wrote:
Jon Lewis <jlewis@inorganic5.fdt.net> writes:
Unless I'm mistaken, forged UDP requires root access and (at the volume we received) was likely from a host with T1 or better connection to the net.
You just described nearly every PeeCee at nearly every higher educational institution in North America and northern Europe, and several parts of Asia, too.
And it goes beyond that... Every PC running Windows (or any other OS, for that matter) has complete ability to do anything with IP. So, any user on a dialup line into any ISP is a possible source of attacks. This is why I think the RAS servers need to be able to filter right at the point of the dialup. There, the comparison is a simple compare of a 32 bit integer (IP address assigned to the dialup user, compared to the IP address of packets received from the user). Any discrepancies should set off alarm bells...
On Mon, 14 Jul 1997, Daniel Senie wrote:
And it goes beyond that... Every PC running Windows (or any other OS, for that matter) has complete ability to do anything with IP. So, any user on a dialup line into any ISP is a possible source of attacks.
Not at 1.5mbps :). Granted I've seen effective synflooding come from a dialup customer. Can you say luserdel. I think you can. :)
This is why I think the RAS servers need to be able to filter right at the point of the dialup. There, the comparison is a simple compare of a 32 bit integer (IP address assigned to the dialup user, compared to the IP address of packets received from the user). Any discrepancies should set off alarm bells...
It's mostly that simple, but not entirely. Filters for dialup subnet customers would likely need to make 2 comparisons.
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
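Added example, not part of the thread and not any participant's code: a sketch of the per-port source check discussed above, with the single 32-bit compare for an ordinary dialup caller and a second, masked compare for a caller with a routed subnet. The struct, function names and addresses are hypothetical; reading the "2 comparisons" as assigned address plus routed prefix is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical state a RAS keeps per dialup port (host byte order). */
struct dial_session {
    uint32_t assigned;     /* address handed to the caller */
    uint32_t routed_net;   /* subnet routed to the caller, 0 if none */
    uint32_t routed_mask;  /* mask for routed_net, 0 if none */
    unsigned long spoofed; /* dropped-packet counter: the "alarm bell" */
};

enum verdict { PASS = 0, DROP_SPOOFED = 1, DROP_MALFORMED = 2 };

/* Extract the source address (header bytes 12..15) from a raw IPv4 packet. */
static int ipv4_src(const uint8_t *pkt, size_t len, uint32_t *src)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || (pkt[0] & 0x0f) < 5)
        return -1; /* too short, not IPv4, or impossible header length */
    *src = (uint32_t)pkt[12] << 24 | (uint32_t)pkt[13] << 16 |
           (uint32_t)pkt[14] << 8 | (uint32_t)pkt[15];
    return 0;
}

enum verdict check_ingress(struct dial_session *s, const uint8_t *pkt, size_t len)
{
    uint32_t src;
    if (ipv4_src(pkt, len, &src) != 0)
        return DROP_MALFORMED;
    if (src == s->assigned)                 /* comparison 1: the host itself */
        return PASS;
    if (s->routed_mask != 0 && (src & s->routed_mask) == s->routed_net)
        return PASS;                        /* comparison 2: routed subnet */
    s->spoofed++;                           /* discrepancy: count and drop */
    return DROP_SPOOFED;
}

int main(void)
{
    /* Constructed sample: 192.0.2.10 assigned, 198.51.100.0/24 routed. */
    struct dial_session s = { 0xC000020Au, 0xC6336400u, 0xFFFFFF00u, 0 };
    uint8_t pkt[20] = { 0x45 };
    pkt[12] = 203; pkt[13] = 0; pkt[14] = 113; pkt[15] = 7; /* forged source */
    enum verdict v = check_ingress(&s, pkt, sizeof pkt);
    printf("verdict=%d spoofed=%lu\n", (int)v, s.spoofed);
    return 0;
}
```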