Re: Blitzkrieg Server -- For Real?!

From: tqbfat_private
Date: Mon May 11 1998 - 22:21:53 PDT

  • Next message: Rudolf Schreiner: "Re: ODBC"

    > source IP addresses. Unless _every_ router from the attacker keeps a 
    > complete traffic log, _including_ the port/line from which a particular 
    > packet was received, it is not possible to trace such a spoof back after 
    > the fact. (It is extremely hard to do _while_ it is happening; compare to 
    This is not (specifically, in point of technical fact) true. It is
    possible for a cooperating path of routers to trace back IP traffic
    without logging all of it; I would not expect reasonably reliable (in
    terms of ratio of successful traces to failures) to be difficult to
    implement if the world agreed on a protocol to do so.
    Protocols that allow routers to cooperatively trace back IP packets are
    already in development. In order to implement something like this, all you
    would need would be some appropriately sized cache of (address, interface)
    tuples. Within some window of time, it would be possible to query the
    router for the physical interface (or, more likely, the next-hop back)
    associated with any given packet received from it.
    There are already Perl scripts that (very crudely) force chains of routers
    to "cooperate" using their enable passwords and debugging interfaces.
    I'm just posting this to clear up any misunderstandings that anyone might
    have received about how feasable it is to trace IP traffic; I don't think
    we know enough about the subject to say conclusively whether it's
    feasable. However, the assumption that persistant logging would be
    required to do it probably isn't true.
    Of course, this has no bearing whatsoever on that idiotic press
    announcement about the "Blitzkrieg" server. No real commercial
    organizations with brains enough to retain an attorney would be dumb
    enough to design and produce software that launched counterattacks.
    Thomas H. Ptacek			     		Secure Networks, Inc.
    -----------------------------------------------------------------------------	 "If you're so special, why aren't you dead?"

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:05 PDT