A rule for UDP based services is that until/unless you have in some sense 'established a connection', you must not send 'a lot' more data to a host than it has sent you. Until this rule is understood and enforced, we will be seeing a lot more smurf-like 'magnification' attacks. DS >* Through the NQ (NetQuake) Protocol it is possible to send a spoofed >connect request packet to several <i.e 400 or so> NetQuake Servers. This >then will result in a flood of attempted "Connect" requests from the >servers' end to the target machine whether that target machine carries a >copy of Quake or not. This may be perceived in a similar way to smurf >attack, although I'm told it requires far less bandwidth "and can be done >from even a 14.4"
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:54:28 PDT