Re: Hacked - is it my turn? - interesting
* Quoting Phillip Hofmeister (plhofmei@zionlth.org):
> 
> As mentioned before, it is a port-scanner.  Anyhow, TCP-Reset can turn
Ack.
> an asymmetric DoS attack/flood (one-way) into a symmetric DoS/flood
> because now your host is generating traffic by replying to these
> otherwise useless packets.  You could set a limit rule on sending a
A DoS attack is a different scenario than a port
scan. In a normal situation you create more load
because of the TCP retransmission.
> TCP-Reset..I know.  I am not one that enjoys people breaking RFCs, but
> in this case it does make *some* sense.  If someone is randomly port
> scanning class C's and they hit your IP, get no response from an ICMP
> (1) echo-request (8) and then try a few ports and get no TCP-Resets,
> they are likely to think you are a dead IP[1].
You would get an ICMP host-unreachable from the
last router in that case.
- Rolf