In message <[EMAIL PROTECTED]>
Fred Baker writes:
>
> On Sep 21, 2006, at 2:09 PM, James Kempf wrote:
> > Hmm, well sounds as if there may be a technical problem after all.
> > First, an intrusion detection problem: does this stream of packets
> > have forged source addresses? Then, a traceback problem: if so
> > where do these packets originate from?
>
> And the news in this statement is what, precisely?
>
> Yes, people put bogus source addresses into packets. Barry indicates
> that it is far less common than it once was, but someone else (name
> escapes me and I'm too lazy to go find the email) that some attacks
> depend on them doing so.

An example of such an attack is resource-related attacks such as TCP SYN attacks to web servers. Immunity to this type of attack is much better than it used to be but not perfect. Following with a SYN-ACK has a 1 in 65K chance of creating an established connection.

There is also the more dangerous TCP hijacking problem with sessions that are authenticated but carry no payload validation (or encryption). The latter is nothing IPSEC, Kerberos, or ssh couldn't solve if available.

Unpopular organizations such as Microsoft, SCO, or the government of China might find themselves targets of resource attacks but since these attacks are now far less effective (and rather pointless) they are far less common. In the past AOL and Yahoo have been targets. I think whitehouse.gov was a target at one point (even when Al was there). Probably thousands more have been targets of small-scale attacks. Some were even personal vendettas.

Curtis

_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
