[clug] shimmer

Sam Couter sam at couter.id.au
Thu Jul 10 08:01:20 GMT 2008


David Schoen <neerolyte at gmail.com> wrote:
> This may be a silly question, but how are DoS attacks easier with
> something like that?

It's painfully simple to forge the source address of IP packets. With
such a system, I can lock out any IP address I choose with a single
packet.

> Assuming shimmerd blocks the offender in any sensible fashion (tell
> iptables to drop packets from connecting IP, or even an SNMP event
> back to a router, to do the same thing) an attacker isn't even going
> to get through to the application layer so the load on the server
> should be greatly minimised, greatly reducing the effectiveness of a
> DoS attack, not the other way around?

How well does the system work when I've pretended to be a few tens of
thousands of distinct attackers on the 'net? Your iptables ruleset is
getting pretty big and taking a lot of CPU time to traverse.
-- 
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
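
The two failure modes raised in this reply (a ban triggered by one packet with an unverified source, and a linearly traversed rule list that grows without limit) can be modelled as follows. This is an added example, not part of the original post and not shimmer's code; both classes, the handshake flag, the allowlist, the cap and the TTL are assumptions chosen for illustration, and all addresses are constructed.

```python
import ipaddress
from collections import OrderedDict

class NaiveBlocker:
    """Model of the criticised design: one offending packet bans its claimed source."""
    def __init__(self):
        self.rules = []                      # stands in for a linear iptables chain

    def offence(self, src):
        if src not in self.rules:
            self.rules.append(src)

    def is_blocked(self, src):
        return src in self.rules             # O(n) walk, like chain traversal

class BoundedBlocker:
    """Assumed hardened variant: acts only on handshake-verified sources,
    never bans allowlisted networks, and caps and expires its entries."""
    def __init__(self, allow, max_entries, ttl):
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.max_entries, self.ttl = max_entries, ttl
        self.bans = OrderedDict()            # src -> expiry; hash lookup, like an ipset

    def offence(self, src, handshake_done, now):
        if not handshake_done:               # source unverified, may be forged: ignore
            return False
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.allow):
            return False                     # never lock out addresses we depend on
        self.bans.pop(src, None)
        self.bans[src] = now + self.ttl
        while len(self.bans) > self.max_entries:
            self.bans.popitem(last=False)    # evict oldest so the table stays bounded
        return True

    def is_blocked(self, src, now):
        expiry = self.bans.get(src)
        return expiry is not None and now < expiry

def simulate(n_forged=5000):
    """Feed both models single packets carrying constructed, unverified sources."""
    naive = NaiveBlocker()
    bounded = BoundedBlocker(allow=["192.0.2.0/24"], max_entries=1000, ttl=600)
    victim = "192.0.2.10"                    # constructed address (documentation range)
    forged = [str(ipaddress.ip_address("10.0.0.0") + i) for i in range(n_forged)] + [victim]
    for src in forged:
        naive.offence(src)
        bounded.offence(src, handshake_done=False, now=0)
    return len(naive.rules), naive.is_blocked(victim), len(bounded.bans), bounded.is_blocked(victim, 0)
```

simulate() returns the naive rule count, whether the victim address ended up banned by the naive model, and the same two values for the bounded model.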