On Thu, 7 Sep 2000 kuznet@ms2.inr.ac.ru wrote:
> Hello!
> > I believe that the DoS is that the path through the kernel turns out to be
> > long and that a lot of these packets will bring a machine to its knees.
>
> It is not longer than path for any other kind of packet.
> In the reported case it is much shorter. 8)
>
> Apparently, you try to remind about that silly pseudo-attack
> against some kind of BSD? 8) First, it was different, because
> flood was made for port, which was listened. The path is really
> longer there, but the difference is ridiculuous.
Well, it looks like you're getting hit with stream.c or raped.c and what
I'm passing on is just what I picked up from a CERT guy at Usenix. He
claimed that stream.c worked by exploiting a long path through the kernel
to bring the machine to its knees.
Dave Dittrich has a bunch of information (which I should probably read) on
these attacks here: http://staff.washington.edu/dittrich/misc/ddos/stream.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Sep 07 2000 - 21:00:32 EST