Re: Why would someone DoS a free-lance writer?

From: Markus Kern (markus-kernat_private)
Date: Mon Jul 02 2001 - 07:39:22 PDT

  • Next message: Jens Hektor: "Re: solaris hack info required"

    gabriel rosenkoetter <grat_private> wrote:
    > 
    > Um, is the fact that Gnutella use by users in a DHCP range an
    > effective DoS of future users of that IP from their ISP not,
    > perhaps, bearing of discussion?
    > 
    > Gnutella has the ability to make even my ADSL go chunky style long
    > after the user of it within the apartment has quit the program. I
    > don't even want to *think* about what it would do to a PPP/SLIP
    > modem link.
    
    The only traffic you get after closing Gnutella are 
    TCP SYN packets from clients trying to open a new connection.
    Looking at the few connection attemps I get on my ISDN line
    when running Gnutella I doubt that this could DoS anything.
    
    > I really have felt like I was being DoSed because of this in the
    > past, in that my service was denied, not in that someone was out to
    > get me. Perhaps not the easiest security compromise ("Get someone to
    > run Gnutella!"), but it seems like changes could be requested in the
    > way Gnutella clients cache and rebroadcast IP addresses...
    
    You wouldn't even have to make the target run Gnutella. It's trivial 
    to inject arbitrary IPs into the Gnutella network. Besides that, if 
    you can get someone to run Gnutella you can make them run a trojaned
    version too.
    
    The only posibility I can think of to prevent this kind of DoS 
    (DDoS actually) would be to attach some sort of timeout value to the
    IP and pass it along from client to client and drop the IP when it
    gets too old. This would involve having the internal timers of the 
    clients synced somehow though.
    
    -- Markus <markus-kernat_private>
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 10:33:09 PDT