OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re: Denial of service

Re: Denial of service

Gigi Sullivan (sullivanseclab.com)
Wed, 19 Aug 1998 17:48:06 +0200 (CEST)

Hi there :)

Well, indeed DoS' attack were used in the past also to gain
access to a machine, not only to corrupt a service's work.
That involved also another exploitation (ie that DoS only couldn't lead to
nothing, but was foundamental).
Have you ever read Shimomura's paper about Mitnick's break ?
He simple show how a trust relationship, again with ip spoofing and
DoS (TCP SYN attack (also said by Bellovin many years ago "A Weakness in
the TCP/IP protocol suite) were used to ESTABILISH a "fake" (but "real")
login session.

Best regards,

                
                        -- gg sullivan 

--
Lorenzo Cavallaro
Intesis SECURITY LAB            Phone: +39-2-671563.1
Via Settembrini, 35             Fax: +39-2-66981953
I-20124 Milano  ITALY           Email: sullivanseclab.com

On Tue, 18 Aug 1998, Pawel Maciejewski wrote:

> Date: Tue, 18 Aug 1998 13:08:04 +0200 (MET DST)
> From: Pawel Maciejewski <lukeyhack.dk>
> To: City <strykerWPI.EDU>
> Cc: firewall-wizardsnfr.net
> Subject: Re: Denial of service
> 
> 
> Denial of Service (called also DoS) is a type of attack which is used 
> not to gain acces to machine, but to corrupt it's work (hang, roboot etc)
> 
> Examples : land, teardrop, boink, winnuke, latierra (modified latierra),
> nestea, ping of death, smurf and many many more..
> 
> You can even use the fork() function to cause simply DoS attack
> 
> Greets 
> 
> -= Signed =-
> -= Pawel Maciejewski =-
> -= e-mail : lukeyhack.dk IRC #hack, #hackpl, #hax =-
> 
> 
>

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:40 CDT