ICMP fragments DOS Attack
Evripidis Papakostas
evris at source.gr
Thu Feb 20 20:31:02 EET 2003
V13 wrote:
> On Tuesday 18 February 2003 23:56, Giorgos Keramidas wrote:
>
>>On 2003-02-18 18:54, Evripidis Papakostas <evris at source.gr> wrote:
>>
>>>CyberCr33p wrote:
>>>
>>>>Someone is running a DoS attack against me by sending ICMP fragments to
>>>>one of my servers. The attack comes from 6-7 different servers. Is there
>>>>any way to stop it from eating my bandwidth? Or do I necessarily have to
>>>>contact the ISP so that they block these ICMP packets that are coming
>>>>towards my server?
>>>>
>>>minor disadvantage:
>>>I don't know whether you will escape the attack this way, but without
>>>ICMP packets you will also lose, among other things, traceroute
>>>
>>Correct.
>>
>>If the use of traceroute is essential, and the ICMP packets absolutely
>>must be cut, anyone who is interested should tell me. I might get around
>>to porting the local modifications of the FreeBSD traceroute to Linux.
>>They are based on version 1.4.a12 of LBL-traceroute and allow, among
>>other things, options such as:
>>
>> % traceroute -P udp host [...]
>>
>
> Traceroute works with UDP, but the replies (ttl exceeded) from which it
> works out the route are ICMP packets. In general, cutting all ICMP is not
> such a good solution most of the time. Usually it is enough to cut
> icmp-echo, but even then there is no point, since they will still be
> arriving at you; the machine just won't process them...
Right. As far as I know/think, when you run traceroute, your host sends a
series of packets to the other host and starts a timer for each one. In
parallel, it sets a TTL on each one (time to live, starting from 1 and
increasing by 1 with each packet). The result is that, since each packet
passing through a hop (intermediate router) has its TTL reduced by 1, it
arrives at some hop with ttl=1 and the TTL becomes 0. Since it is not
destined for that router and the router has to forward it, but the packet
has expired (ttl=0), that router rejects it and notifies the sender, you,
of the event via ICMP, enclosing its IP and name. That way, little by
little as you receive the ttl expired ICMP packets, you learn for each one
where the packet passed through and how long it took (using each timer).
>
>>Giorgos
>>
> <<V13>>
>
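
Added example (not part of the original thread): a small Python simulation of the traceroute mechanism discussed above, showing that UDP probes still depend on inbound ICMP replies, so dropping all ICMP blanks every hop while dropping only echo requests does not. The path addresses, policy names and packet field values are constructed for illustration.

```python
import struct

ECHO_REQUEST, DEST_UNREACH, TIME_EXCEEDED = 8, 3, 11  # ICMP types (RFC 792)
BASE_PORT = 33434                                     # classic traceroute UDP base port
PATH = ["10.0.0.1", "203.0.113.7", "198.51.100.9"]    # constructed path, last = target

def icmp_error(icmp_type, code, dport):
    """ICMP error: 8-byte header + quoted IP header + first 8 bytes of the UDP probe."""
    quoted_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                            bytes([192, 0, 2, 1]), bytes([198, 51, 100, 9]))
    quoted_udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    # checksums are left at 0 in this constructed packet
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted_ip + quoted_udp

def send_probe(ttl, dport, path):
    """Simulate routers decrementing TTL; return (replying address, ICMP bytes)."""
    for hop in path[:-1]:
        ttl -= 1
        if ttl == 0:  # expired in transit: the router drops it and reports back
            return hop, icmp_error(TIME_EXCEEDED, 0, dport)
    # reached the target: nothing listens on the probe port -> port unreachable
    return path[-1], icmp_error(DEST_UNREACH, 3, dport)

def accepted(policy, icmp):
    """Inbound ICMP filter on the tracing host (policy names are hypothetical)."""
    if policy == "drop-all-icmp":
        return False
    if policy == "drop-echo-request":
        return icmp[0] != ECHO_REQUEST
    return True

def quoted_dport(icmp):
    """Match a reply to its probe via the UDP destination port quoted in the error."""
    ihl = (icmp[8] & 0x0F) * 4
    return struct.unpack("!H", icmp[8 + ihl + 2: 8 + ihl + 4])[0]

def traceroute(path, policy):
    """Return the hop list the tracing host can reconstruct under a filter policy."""
    hops = []
    for ttl in range(1, len(path) + 1):
        dport = BASE_PORT + ttl - 1
        src, icmp = send_probe(ttl, dport, path)
        ok = accepted(policy, icmp) and quoted_dport(icmp) == dport
        hops.append(src if ok else "*")
    return hops

if __name__ == "__main__":
    for policy in ("accept-all", "drop-echo-request", "drop-all-icmp"):
        print(policy, traceroute(PATH, policy))
```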