Whoa. Default route loop, that's definitely new ;)
Protip: always do prior works research.

On Thu, Dec 22, 2016 at 7:56 PM, Tom Beecher <[email protected]> wrote:

> Jean sent me details. I won't share the link or password to it based on his request, but he hasn't found anything new, and it's not even amplification at all.
>
> What he did was send 1500 byte ICMP packets with a max TTL at an IP address that is not reachable due to a routing loop. No amplification is occurring; it's just the same packets hanging around longer looking for free food because of the TTL.
>
> I think he _assumed_ amplification was happening because link utilization between his lab routers doing the looping was increasing. Totally expected when you're using --flood and in a lab environment where the TTL entering the loop is still above 250. :)
>
> On Thu, Dec 22, 2016 at 11:48 AM, William Herrin <[email protected]> wrote:
>
> > On Thu, Dec 22, 2016 at 11:04 AM, Ken Chase <[email protected]> wrote:
> > > Maybe he's found what's already known and posted 2 months ago (and every 2 months?)
> > > on nanog, the TCP 98,000x amplifier (which is a little higher than 100x), among
> > > dozens of misbehaving devices, all >200x amp.
> > >
> > > https://www.usenix.org/system/files/conference/woot14/woot14-kuhrer.pdf
> >
> > Hi Ken,
> >
> > He said, "There is no need for spoofing " so it wouldn't be that one.
> >
> >
> > Jean,
> >
> > Respectfully: you're not well known to us as having identified earth shattering vulnerabilities in the past. We hear about utterly unimportant "priority one" events every single day, so without enough information to assess whether what you're looking at is something new, important or even possible within our various architectures, few of us will be inclined to take you seriously.
> >
> > We're all too familiar with the consequence of giving credence to people who say "believe me" instead of offering verifiable fact.
> >
> > I respect that you're trying to help, but "I have something important to tell you, please contact me off list" is not the way to do that.
> >
> > And if it turns out we should have listened and kept this secret as long as possible, well, that's on us. ;)
> >
> > Regards,
> > Bill Herrin
> >
> >
> > --
> > William Herrin ................ [email protected] [email protected]
> > Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>

--
Alexander Lyamin
CEO | Qrator <http://qrator.net/> Labs
office: 8-800-3333-LAB (522)
mob: +7-916-9086122
skype: melanor9
mailto: [email protected]

