RE: Looking for...

Fri, 23 Apr 1999 07:48:09 -0700 

Before going on the offense, you may want to rethink your defense. 

 If the alleged policy-violator is being issued a DHCP license, then you
have their MAC.  With that, and depending upon the size of your network, you
can either create include or exclude entries within your DHCP config.

If you are issuing DHCP across routers, you could at least determine from
which network they are coming from.  

If a simple flood-ping "ended up bringing down whole network segments," of
mine, I'd seriously consider updating  my resume.  

A SYN attack will only work if you have some knowledge about the host.  I
won't get into that any further.

If none of the above helped, and depending upon your O/S, a simple "ping -l
65510 127.0.0.1"  will help.  I think that it would be very kEwL!



> From:         GANG WANG[SMTP:[EMAIL PROTECTED]]
> Sent:         Thursday, April 22, 1999 9:36 PM
> To:   Burgess, Jeff; [EMAIL PROTECTED]
> Subject:      Re: Looking for...
> 
> Go rootshell and take a look. A lot of that kind of stuff.
> You can find synk and syndrop. Good luck.
> 
> -----Original Message-----
> From: Burgess, Jeff <[EMAIL PROTECTED]>
> To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
> Date: Thursday, April 22, 1999 12:00 PM
> Subject: Looking for...
> 
> 
> >
> > I'm looking for a SYN attack type utility to use here at the bank.  We
> have
> >a "Do not plug it in unless we know what it is" type policy here, but
> we've
> >been getting odd machines starting to show up in our DHCP scopes here and
> >there.
> >
> > What we would like to do is SYN attack these specific devices and wait
> for
> >the call saying this machine isn't working come and fix it.  We've
> actually
> >tried to flood some of these devices with pings, but we've actually only
> >ended up bringing down whole network segments and we don't want that to
> >happen.
> >
> > Can anyone point me in the general direction of even a simple SYN attack
> >app?
> >
> > Thanks.
> >
> >
> >Jeffrey T Burgess
> >Internet/Intranet Administrator
> >Liberty Bank
> >[EMAIL PROTECTED]
> >P (860) 344-7300
> >F (860) 704-2113
> >
> >---
> >        |\      _,,,---,,_
> > ZZZzz  /,`.-'`'    -.  ;-;;,_
> >       |,4-  ) )-,_. ,\ (  `'-'
> >      '---''(_/--'  `-'\_)
> >
> > <<Jeffrey T  Burgess.vcf>>
> >
> >
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to