Re: Website Hacking Attempt - letting the IP Block owners know?

From: chris@nospam.com
Date: 06/29/02


Date: Fri, 28 Jun 2002 23:33:37 -0700

On Fri, 28 Jun 2002 08:59:40 -0400, Jim Patrick <jpatrick@shentel.net>
wrote:

>In comp.security.misc, chris@nospam.com wrote:
>
>> Jim Patrick wrote:
>>>... Be interesting to see
>>>what the drop would be if you installed a "probe? block address" on
>>>all the servers. A block that lasts until the lease expires combined
>>>with a timed block on the computer name would be reasonably effective
>>>as a starting point.
>
>>And voila you create another potential DOS attack where the attacker
>>sends spoofed probes with addresses of legitimate customers.
>
>You can do that from login? Perhaps I'm naive, but the suggestion
>was made because on a campus the IT owns everything. Every server,
>every router, everything. Unless I remember incorrectly, it means the
>campus owns the real addresses too.

Perhaps I misunderstood what you meant. I thought you meant setting
up something on the receiving server that would block all traffic from
an IP once a probe was detected from that IP.

Now, I think you meant at the campus level, block outgoing traffic
from an IP that appears to have sent a probe out.

I think in either case, it'd be possible to denial-of-service attack
someone by causing their IP address to get blocked. It's pretty easy
to forge packets.

Or am I still way off base?
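
Added example, not part of the original post: a probe-triggered blocker replayed over constructed events, once counting every packet and once counting only probes that followed a completed TCP handshake, to show how forged source addresses get a legitimate host blocked in the first mode. The class name, threshold, block length and event tuples are assumptions made for illustration.

```python
"""Probe-triggered IP blocking, naive vs. spoof-resistant (constructed example)."""

BLOCK_SECONDS = 600   # assumed length of the timed block
THRESHOLD = 3         # assumed number of probes before a block is placed


class ProbeBlocker:
    def __init__(self, require_handshake, never_block=()):
        self.require_handshake = require_handshake
        self.never_block = set(never_block)   # e.g. gateways, monitoring hosts
        self.hits = {}                        # src -> probes counted so far
        self.blocked = {}                     # src -> time the block expires

    def observe(self, ts, src, handshake_done):
        """Record one probe event; return True if it caused a block."""
        if src in self.never_block:
            return False
        # A lone SYN or UDP datagram proves nothing about who sent it.
        # Only a completed TCP handshake shows the source can receive replies.
        if self.require_handshake and not handshake_done:
            return False
        self.hits[src] = self.hits.get(src, 0) + 1
        if self.hits[src] < THRESHOLD:
            return False
        self.blocked[src] = ts + BLOCK_SECONDS
        self.hits[src] = 0
        return True

    def is_blocked(self, src, now):
        return self.blocked.get(src, 0) > now


# Constructed events: (timestamp, source, handshake_done). 192.0.2.10 is a
# legitimate customer seen only in forged packets; 198.51.100.7 really connects.
EVENTS = [
    (0, "192.0.2.10", False), (1, "192.0.2.10", False), (2, "192.0.2.10", False),
    (3, "198.51.100.7", True), (4, "198.51.100.7", True), (5, "198.51.100.7", True),
]


def replay(require_handshake):
    blocker = ProbeBlocker(require_handshake)
    for ts, src, done in EVENTS:
        blocker.observe(ts, src, done)
    return blocker


if __name__ == "__main__":
    print({mode: sorted(replay(mode).blocked) for mode in (False, True)})
```

The timed expiry and the never-block list limit the damage when a block is placed wrongly.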


