[Talk] A denial of service attack?

Luigi Cantoni LCantoni at asi.com.au
Fri Jun 14 17:11:28 EST 2002 

I had a chat around the office and the quick thought and we agree with Greg.
Someone is going for you. No we have not seen it done before but we are sure
you can do it with programmable cards which I think your sparc stations
have.
Luigi

> -----Original Message-----
> From: Greg 'groggy' Lehey [mailto:Greg.Lehey at auug.org.au]
> Sent: Friday, 14 June 2002 5:00 PM
> To: David Purdue
> Cc: talk at auug.org.au
> Subject: Re: [Talk] A denial of service attack?
> 
> 
> On Friday, 14 June 2002 at 15:46:04 +1000, David Purdue wrote:
> > We are seeing something strange here, and if it is not a DOS
> > attack or virus of some kind, it is a grand idea for one.
> >
> > Here is what we see:
> >
> > - a system is sending out DHCP requests using a bogus Ethernet
> > MAC address.
> >
> > - as soon as it gets a lease on an address, it increments the MAC
> > address and tries again - this ensures it does not get the same
> > MAC address reallocated.
> >
> > The effect is that the DHCP server is running out of addresses
> > to give - so as people turn on their desktops they can not connect
> > to the network, and as leases expire connected desktops are
> > effectively getting thrown off the network!
> >
> > Does anyone know of anything (either because of bug or malicious
> > intent) that behaves in this way?
> 
> I've never heard of this one before, but I'd have difficulty believing
> that it's a bug.  This should also be good for confusing the hell out
> of switches.  Can't you trace where it's coming from?
> 
> Greg
> --
> See complete headers for address and phone numbers
> _______________________________________________
> Talk mailing list
> Talk at auug.org.au
> http://www.auug.org.au/mailman/listinfo/talk
> 


**** ASI Solutions Disclaimer **** 
 The material transmitted may contain confidential and/or privileged
material and is intended only for the addressee.  If you receive this in
error, please notify the sender and destroy any copies of the material
immediately. ASI will protect your Privacy according to the 10 Privacy
Principles outlined under the new Privacy Act, Dec 2001. 

 This email is also subject to copyright.  Any use of or reliance upon this
material by persons or entities other than the addressee is prohibited. 

E-mails may be interfered with, may contain computer viruses or other
defects.  Under no circumstances do we accept liability for any loss or
damage which may result from your receipt of this message or any
attachments. 
**** END OF MESSAGE ****

More information about the Talk mailing list