ICMP fragments DOS Attack

[George Daflidis-Kotsis]

On Tue, Feb 18, 2003 at 11:56:42PM +0200, Giorgos Keramidas wrote:

> On 2003-02-18 18:54, Evripidis Papakostas <evris at source.gr> wrote:
> > CyberCr33p wrote:
> > >Kapoios mou kanei dos attack stelnontas icmp fragments se enan server
> > >mou. To attack ginetai apo 6-7 diaforetikous servers. Uparxei kapoios
> > >tropos na empodisw na mou trwei bandwidth? H prepei anagkastika na
> > >epikoinwnisw me ton ISP na mou blockaroun autoi ta icmp paketa pou
> > >erxonte pros ton server mou?
> >
> > minor disadvantage:
> > den ksero gia to an glitoseis to attack etsi, pantos xoris icmp paketa,
> > tha steritheis ektos kai tin traceroute
> 
> Swstos.
> 
> An einai aparaithth h xrhsh tou traceroute, kai prepei opwsdhpote na
> kopoun ta icmp paketa, as mou pei opoios endiaferetai.  Mporei na
> ksebaretho kai na kanw port ta local modifications tou FreeBSD
> traceroute se Linux.  Einai basismena stin ekdosh 1.4.a12 tou
> LBL-traceroute kai epitrepoun anamesa sta alla options opws:
> 
> 	% traceroute -P udp host [...]

Mporeis na kopseis oti 8eleis sto box, alla ean to icmp traffic ftasei
sto LAN sou, ton hpies.

To ICMP traffic prepei na kopei sta border routers sou kai mono otan 
proerxetai ap ta uplink sou.

Filika.

-- 
[george daflidis-kotsis - systems admin,web/e-commerce - gdk at demon.net]