Subject: Re: Distributed denial of service attacks.
To: Steven M. Bellovin <smb@research.att.com>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 09/07/2001 23:20:32

>Have you tried traceroute and/or ping? If you can build or find a
>tool to emit a hand-built TCP packet on one of these connections, you
>could learn a lot. Send a 0-length TCP packet with the immediately-previous
>sequence number, and see what you get back. If you get back RST, the
>remote host knows nothing of the connection, and that's suspicious.
>If you get back an ACK, the connection exists but is flow-controlled --
>look at the window size in that ACK.

this is a good suggestion, but leads me to ask: how does one typically
"fling an arbitrarily formed packet" at host x? i've got a few tools
in my toolbox that i've written myself (one with a queer dd-like
syntax that i liked for some reason that day), but is there a generic
tool that works well?
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
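
Added example, not part of the original message or thread: a Python sketch of the interpretation step described in the quoted advice, decoding the peer's reply to a 0-length probe (sequence number one below the next to send) and classifying it as RST, ACK with a zero window, or ACK with an open window. The function names, port numbers and sample segments are constructed for illustration; capturing the reply from the wire is assumed to happen elsewhere.

```python
import struct

# TCP flag bits from the fixed header (RFC 793)
RST, ACK = 0x04, 0x10


def make_segment(sport, dport, seq, ack, flags, window):
    """Build a constructed 20-byte TCP header (no options, checksum left 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0)


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed TCP header from raw segment bytes."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _cksum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "window": window,
            "payload_len": len(segment) - data_offset}


def classify_probe_reply(segment: bytes, expected_ack: int) -> str:
    """Interpret the reply to a 0-length probe sent with seq = snd_nxt - 1.

    expected_ack is our own snd_nxt: a peer that still holds the
    connection re-acknowledges the next byte it expects from us.
    """
    h = parse_tcp_header(segment)
    if h["flags"] & RST:
        # Peer has no state for this 4-tuple: the suspicious case.
        return "no-connection"
    if h["flags"] & ACK:
        if h["ack"] != expected_ack:
            return "ack-mismatch"
        if h["window"] == 0:
            return "flow-controlled (zero window)"
        # Raw field only; any negotiated window scale is not applied here.
        return "alive (window=%d)" % h["window"]
    return "unexpected"


if __name__ == "__main__":
    # Constructed replies from a peer on port 80 to local port 40000.
    for seg in (make_segment(80, 40000, 0, 0, RST, 0),
                make_segment(80, 40000, 5000, 1001, ACK, 0),
                make_segment(80, 40000, 5000, 1001, ACK, 8192)):
        print(classify_probe_reply(seg, expected_ack=1001))
```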