(PM) DoS attack

David Denney (daud@dimensional.com)
Mon, 23 Feb 1998 11:19:46 -0700

I've been expecting Livingston to fix their problem with announcing routes
(via OSPF) that a portmaster cannot reach for some time. It seems to be a
violation of standards to announce a route you cannot reach, and then
bounce it to your default gateway when not present. The obvious acceptable
behavior is to return an ICMP unreachable message and toss the packet. I'm
running ComOS 3.7.2c3 on 18 portmasters, all of which seem to have this
problem.

On Saturday night my company fell victim to a DoS attack that completely
sacked all three of our pipes (a T3 and two T1s). The resultant ethernet
traffic made even our 100bTx local network unusable because the
attacker was flooding multiple portmasters on unreachable IP addresses.
Every packet they sent bounced around our network until its TTL was
reached. When is this disastrous behavior going to be fixed??

-- 
David Denney           | D i m e n s i o n a l   C o m m u n i c a t i o n s |
daud@dimensional.com   |  Shell & PPP * $25/mo 33K/56Kbps * $50/mo 64K ISDN  |
303.285.INET voice     |  http://www.dimensional.com/  info@dimensional.com  |
888.3.DIMCOM tollfree  |  Denver * Boulder * Longmont * Bailey * CO Springs  |

protect your freedom, while you still can, finger me for PGP key, use it!
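
Added example, not part of the original post and not Livingston code: a small Python model of the forwarding loop the message describes, comparing a PortMaster that bounces traffic for idle pool addresses to its default gateway with one that answers unreachable and drops it. The node names, routing tables and the 192.0.2.0/24 pool are constructed assumptions for illustration, not ComOS configuration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: action of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, action) for net, action in table.items() if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else "unreachable"

def trace(tables, first_hop, dst, ttl):
    """Follow one packet; return (LAN link crossings, final outcome)."""
    node, crossings = first_hop, 0
    while True:
        action = lookup(tables[node], dst)
        if action in ("deliver", "unreachable"):
            return crossings, action
        ttl -= 1                      # every forwarding hop decrements TTL
        if ttl <= 0:
            return crossings, "ttl-expired"
        node, crossings = action, crossings + 1

# Constructed topology (RFC 5737 documentation addresses).
POOL = ipaddress.ip_network("192.0.2.0/24")     # dial-in pool announced via OSPF
USER = ipaddress.ip_network("192.0.2.10/32")    # one connected dial-in user
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

BORDER = {POOL: "pm"}                           # border router learned the pool from the PortMaster

# Behaviour described in the post: no route for idle pool addresses,
# so they fall through to the default gateway and come straight back.
PM_AS_DESCRIBED = {USER: "deliver", DEFAULT: "border"}

# Behaviour the post asks for, modelled as a pool-wide "unreachable" entry
# that host routes for connected users override.
PM_EXPECTED = {USER: "deliver", POOL: "unreachable", DEFAULT: "border"}

def lan_crossings(pm_table, dst, ttl=64):
    """Crossings of the local segment caused by one inbound packet."""
    return trace({"border": BORDER, "pm": pm_table}, "border", dst, ttl)

if __name__ == "__main__":
    for name, table in (("as described", PM_AS_DESCRIBED), ("expected", PM_EXPECTED)):
        for dst in ("192.0.2.10", "192.0.2.77"):
            print(name, dst, lan_crossings(table, dst))
```

In this model a single packet to an idle pool address crosses the local segment once per remaining TTL hop, while the drop-and-unreachable behaviour keeps it to one crossing.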
