[clug] shimmer

Kim Holburn kim.holburn at gmail.com
Thu Jul 10 10:44:08 GMT 2008

On 2008/Jul/10, at 10:01 AM, Sam Couter wrote:

> David Schoen <neerolyte at gmail.com> wrote:
>> This may be a silly question, but how are DoS attacks easier with
>> something like that?
> It's painfully simple to forge the source address of IP packets. With
> such a system, I can lock out any IP address I choose with a single
> packet.

I'm not sure how exactly shimmer works but it would be fairly simple  
to require at least one response ie more than a SYN to block.

>> Assuming shimmerd blocks the offender in any sensible fashion (tell
>> iptables to drop packets from connecting ip, or even an snmp event
>> back to a router, to do the same thing) an attacker isn't even going
>> to get through to the application layer so the load on the server
>> should be greatly minimised, greatly reducing the effectiveness of a
>> DoS attack, not the other way around?
> How well does the system work when I've pretended to be a few tens of
> thousands of distinct attackers on the 'net? Your iptables ruleset is
> getting pretty big and taking a lot of CPU time to traverse.
> -- 
> Sam Couter         |  mailto:sam at couter.id.au
> OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89  
> C75C
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

More information about the linux mailing list