OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Networking theories
From: Aussie (aussieAUSSIE.MINE.NU)
Date: Sun May 07 2000 - 20:58:59 CDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6 May 00, at 9:21, Matthew King wrote:

> Hi.
>
> I am not sure how easy something like this would be to put into
> practise.
>
> Source Quench packets contain the first 64 bytes of the original
> datagram's data.. You would have to obtain this information some how,
> perhaps via sniffing. If I am wrong, please let me know.. As far as I
> can tell, this would be the limiting factor to using this as a type of
> DoS.

Just as a thought, if such a DoS was so difficult, why would I be
logging lots of ICMP Type 3 packets at my firewall from IP's that have
not been connected to? The most recent one (involving approx 200
packets over a few seconds) was supposedly from 10.240.x.x, not even
available on my internal network. Quite obviously these packets are
spoofed, but if their is no real way to D0S a system with them, why
would someone spoof them?
Unfortunately, using Windows 9x, I am unable to give you tcp dumps of
the packets....if anyone knows of a program to do this, please let me
know.

Aussie

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: Please verify this signature. http://www.pgpi.com

iQA/AwUBORWSw5Zb9oayhFBBEQIEgACeKOI94+4KudXGGRcbs1tgLRHWaSMAnimg
GawC4tir2HVsulMOZwBa2wZ4
=itAw
-----END PGP SIGNATURE-----

PGP Key Block available at:
http://aussie.mine.nu/aussie/pgp_key.txt