DoS, ICMP, proxies, SYNDefender

Mailman List Mirror (Read Only)
1

Right on! PHRACK will be publishing my program to transmit bogus ICMP
UNREACHABLE packets in the december 2001 issue. It's called the Bass
Player. :slight_smile:

Wonderful! And Phack with publish a patch to ip_input.c that redirects all
bogus ICMP directs root names servers as SYN packets called the
Dillion Diversion :slight_smile: (think about it..)

Therefore:

It does not matter what the packet *is* or the information in the
packet, it is up to the protocol implementor(s) to 'do the
right thing' when a packet is received.

TCP is broken. ICMP is broken. It is not Phrack or 2600 that
broke it.

VR,

Tim

2

I have thought about it. If the Internet industry spends a couple of years
deploying ICMP UNREACHABLE as you have asked, then they will have created
a weakness that can be exploited by the Bass Player. Even though a
solution to this problem could be deployed, it would also take years to
work its way into most network hosts.

The solution is to not deploy something that creates new attack
possibilities.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com