OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Networking theories
From: Jesus Oquendo (intrusionENGINEER.COM)
Date: Thu May 04 2000 - 17:09:07 CDT

While this is not a vuln-dev I figured I would post it
since it is security related. Apologies for the spammage if
this has been addressed before.

Theories:

If source quench packets were sent as a spoofed host, and
sent to a destination in which someone were trying to slow
down traffic as a form of Denial of Service attack would it
work?

victim.org(spoofed) ---> ICMP(source-quench) --->
router.victim.org
 
Someone wants to slow down victim.org so would sending
sourch quenches to victim.org's router claiming to be
victim.org stating slow down any traffic coming to
victim.org slow it down?
 
What about poisining ARP addresses on a network... If
packets were sent to a network from an attacker who somehow
gained MAC addresses, or would that network's router be
able to filter out that type of traffic from coming in
validly? If so then via the access list of protocol type?

Or if the router was not properly configured to determine
that these ARP's are valid would it add these new changes
that the attacker is sending as valid routing information
and update its routing table addresses and or perhaps
damage any relevant information for that network? Spanning
Tree Protocol's, OSPF information, etc...
 
What about the possibilty of "route poisining" might seem
outrageous but what if complete routing changes were
remotely forced via some sort of spoofed data such as ARP
floods, Spanning Tree based bogus traffic coming onto the
network... Wouldn't router cost's be jeapordized resulting
in a total nightmare... Ever heard or seen about any
type of DoS like this, or have any links they'd care to e-
mail me on this subject?