Subject: Re: Traceroute problems
From: David Luyer (david_luyerpacific.net.au)
Date: Tue Aug 29 2000 - 05:12:12 CDT


> > wait.tv_sec = tp->tv_sec + waittime;
> > wait.tv_usec = tp->tv_usec;
> > (void)gettimeofday(&now, &tz);
> > tvsub(&wait, &now);
> >
> > Could overflow the tv_sec variable (which is of type long and signed),
>
> Yep. And I can write
>
> while(1)
> {
>     send_udp_datagram();
> }
>
> as a user anyway

Definitely.

Any kind of per-user UDP rate-limiting (or TCP initial connection
rate-limiting) would have to be in the kernel. Or just do it for
the whole system on a nearby router. Set it up so you get SNMP
traps for thresholds being exceeded, automatically page your NOC,
have them log in, diagnose and rmuser whoever did it. :-)

[just as long as your NOC isn't as incompetent as BTInternet...
send them logs of someone instigating a DDoS attack via a system
they previously hacked and they say "thanks for the mail relay
report" "thanks for reporting a port scan but port scans aren't
a problem" "thanks for reporting usenet abuse/spamming"... just
waiting for their next response... must be some massive IT staff
shortage over in the UK for them to have a NOC team who do not
know what a DDoS is and realise it should be sent on to someone
with mild clue]

David.

-- 
----------------------------------------------
David Luyer
Senior Network Engineer
Pacific Internet (Aust) Pty Ltd
Phone:  +61 3 9674 7525
Fax:    +61 3 9699 8693
Mobile: +61 4 1064 2258, +61 4 1114 2258
http://www.pacific.net.au        NASDAQ: PCNTF
<< fast 'n easy >>
----------------------------------------------
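
As an added example (not part of the original message and not traceroute's own code), one way to guard the `tp->tv_sec + waittime` addition quoted above against signed overflow and to keep the remaining wait from going negative. The `struct tv` type and the helpers `deadline_after` and `time_left` are hypothetical names, and `tv_sec` is assumed to be a signed long as the thread states.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed stand-in for struct timeval with the signed long tv_sec
 * described in the thread; tv_usec is assumed to be in [0, 999999]. */
struct tv { long tv_sec; long tv_usec; };

/* Hypothetical helper: *out = *tp + waittime seconds.
 * Returns -1 if waittime is negative or the sum would not fit in a long. */
int deadline_after(const struct tv *tp, long waittime, struct tv *out)
{
    if (waittime < 0 || tp->tv_sec > LONG_MAX - waittime)
        return -1;                      /* would overflow: refuse, do not wrap */
    out->tv_sec = tp->tv_sec + waittime;
    out->tv_usec = tp->tv_usec;
    return 0;
}

/* Hypothetical helper: *out = deadline - now, clamped to zero once the
 * deadline has passed, so a timeout built from it is never negative. */
int time_left(const struct tv *deadline, const struct tv *now, struct tv *out)
{
    if (deadline->tv_sec < 0 || now->tv_sec < 0)
        return -1;                      /* keeps the subtraction in range */
    out->tv_sec = deadline->tv_sec - now->tv_sec;
    out->tv_usec = deadline->tv_usec - now->tv_usec;
    if (out->tv_usec < 0) { out->tv_sec--; out->tv_usec += 1000000; }
    if (out->tv_sec < 0) { out->tv_sec = 0; out->tv_usec = 0; }
    return 0;
}

int main(void)
{
    struct tv now = { 967543932L, 0 };  /* constructed sample time */
    struct tv deadline, left;
    long waits[] = { 5, LONG_MAX };     /* a sane value, then an overflowing one */
    for (int i = 0; i < 2; i++) {
        if (deadline_after(&now, waits[i], &deadline) != 0) {
            printf("waittime %ld rejected\n", waits[i]);
            continue;
        }
        time_left(&deadline, &now, &left);
        printf("waittime %ld -> %ld.%06ld s left\n", waits[i], left.tv_sec, left.tv_usec);
    }
    return 0;
}
```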