Re: NetQuake Protocol problem resulting in smurf like effect.

From: David Schwartz (davidsat_private)
Date: Tue May 26 1998 - 11:41:26 PDT

Next message: dauphin Robert: "HP-UX finger possible security hole"

Previous message: Black Jack: "Re: NetQuake Protocol problem resulting in smurf like effect."
Maybe in reply to: Q: "NetQuake Protocol problem resulting in smurf like effect."
Next in thread: Ambrose Feinstein: "Re: NetQuake Protocol problem resulting in smurf like effect."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    A rule for UDP based services is that until/unless you have in some
sense 'established a connection', you must not send 'a lot' more data to a
host than it has sent you. Until this rule is understood and enforced, we
will be seeing a lot more smurf-like 'magnification' attacks.

    DS

>* Through the NQ (NetQuake) Protocol it is possible to send a spoofed
>connect request packet to several <i.e 400 or so> NetQuake Servers.  This
>then will result in a flood of attempted "Connect" requests from the
>servers' end to the target machine whether that target machine carries a
>copy of Quake or not. This may be perceived in a similar way to smurf
>attack, although I'm told it requires far less bandwidth "and can be done
>from even a 14.4"

Next message: dauphin Robert: "HP-UX finger possible security hole"
Previous message: Black Jack: "Re: NetQuake Protocol problem resulting in smurf like effect."
Maybe in reply to: Q: "NetQuake Protocol problem resulting in smurf like effect."
Next in thread: Ambrose Feinstein: "Re: NetQuake Protocol problem resulting in smurf like effect."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:54:28 PDT