[clug] shimmer
Kim Holburn
kim.holburn at gmail.com
Thu Jul 10 10:44:08 GMT 2008
On 2008/Jul/10, at 10:01 AM, Sam Couter wrote:
> David Schoen <neerolyte at gmail.com> wrote:
>> This may be a silly question, but how are DoS attacks easier with
>> something like that?
>
> It's painfully simple to forge the source address of IP packets. With
> such a system, I can lock out any IP address I choose with a single
> packet.
I'm not sure how exactly shimmer works, but it would be fairly simple
to require at least one response, i.e. more than a SYN, to block.
>> Assuming shimmerd blocks the offender in any sensible fashion (tell
>> iptables to drop packets from connecting ip, or even an snmp event
>> back to a router, to do the same thing) an attacker isn't even going
>> to get through to the application layer so the load on the server
>> should be greatly minimised, greatly reducing the effectiveness of a
>> DoS attack, not the other way around?
>
> How well does the system work when I've pretended to be a few tens of
> thousands of distinct attackers on the 'net? Your iptables ruleset is
> getting pretty big and taking a lot of CPU time to traverse.
> --
> Sam Couter | mailto:sam at couter.id.au
> OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
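
One way to combine the two points raised in this thread (block only on more than a SYN, and keep the block list from growing without limit), as an added example that is not part of the original messages and is not shimmer's code. The class name, event kinds and addresses are hypothetical, the events are constructed sample data, and "established" is assumed to mean the kernel reported a completed three-way handshake.

```python
from collections import OrderedDict

class GatedBlocklist:
    """Hypothetical blocker: acts only on completed handshakes, bounded in size."""

    def __init__(self, max_entries=1000, ttl=600):
        self.max_entries = max_entries   # hard cap on the block set
        self.ttl = ttl                   # seconds a block stays in force
        self.blocked = OrderedDict()     # src -> expiry time, oldest first
        self.ignored_syns = 0

    def expire(self, now):
        # Entries are kept in expiry order, so stop at the first live one.
        while self.blocked:
            src, expiry = next(iter(self.blocked.items()))
            if expiry > now:
                break
            del self.blocked[src]

    def observe(self, ts, src, kind):
        """Return True if this event caused (or refreshed) a block."""
        self.expire(ts)
        if kind != "established":
            # A lone SYN proves nothing about who sent it: never block on it.
            self.ignored_syns += 1
            return False
        self.blocked.pop(src, None)           # refresh moves src to the end
        self.blocked[src] = ts + self.ttl
        while len(self.blocked) > self.max_entries:
            self.blocked.popitem(last=False)  # evict the oldest block
        return True

    def is_blocked(self, src, now):
        self.expire(now)
        return src in self.blocked

def replay(events, **kwargs):
    bl = GatedBlocklist(**kwargs)
    for ts, src, kind in events:
        bl.observe(ts, src, kind)
    return bl

# Constructed sample events: (timestamp, source address, kind).
EVENTS = [(i, f"198.51.100.{i}", "syn") for i in range(1, 201)]  # 200 lone SYNs
EVENTS += [(300, "203.0.113.7", "established"),
           (301, "203.0.113.7", "established"),
           (302, "192.0.2.9", "established")]

if __name__ == "__main__":
    bl = replay(EVENTS)
    print(list(bl.blocked), bl.ignored_syns)
```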