Re: FTP denial of service attack

From: antirezat_private
Date: Tue Dec 07 1999 - 10:17:37 PST

Next message: Theo de Raadt: "Re: FTP denial of service attack"

Previous message: Henrik Nordstrom: "Re: FTP denial of service attack"
Maybe in reply to: Darren Reed: "FTP denial of service attack"
Next in thread: Theo de Raadt: "Re: FTP denial of service attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Dec 07, 1999 at 11:29:56PM +1100, Darren Reed wrote:
> Who has more free file descriptors & network ports, you or the ftp server ?

Using raw sockets it's possible to simulate a lot of descriptors/open ports.
You just needs to drop outgoing RST in order to implement your
ftpd-dos-oriented TCP/IP micro-stack with a minimal memory requirement.
In a word: the attacker has more free file descriptors & network ports every
times the exploit just do a simple operation such USER/PASS authentication.
This isn't true only for this attack but for many others and results in the
ability to perform this kind of DoS against a very big server using little
resources.

antirez

Next message: Theo de Raadt: "Re: FTP denial of service attack"
Previous message: Henrik Nordstrom: "Re: FTP denial of service attack"
Maybe in reply to: Darren Reed: "FTP denial of service attack"
Next in thread: Theo de Raadt: "Re: FTP denial of service attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:19:07 PDT