[asterisk-dev] OT: Where Mailing List Replies Should Go
J. Oquendo
sil at infiltrated.net
Mon Oct 9 08:34:36 MST 2006
Jay R. Ashworth wrote:
> On Mon, Oct 09, 2006 at 08:40:54AM -0400, J. Oquendo wrote:
>
>> Jay R. Ashworth wrote:
>>
>>> You're familiar with randy bush's paper suggesting that BGP flap
>>> dampening was a bad idea? (I wasn't either, but I ran across it the
>>> other day, and it seemed pertinent to mention it here:
>>>
>>>
> I did not, no; that was reasonably clear from the phrasing I chose. Or
> so I thought. It doesn't justify the tone of your response here,
> though, IMHO.
>
> I was *trying* to be helpful. I won't make that mistake again.
>
> Cheers,
> -- jra
>
The initial problem with route flapping/dampening is it can be DoS'd
causing a flurry of issues. I initially started a DoS using a
flapping/dampening attack but left it alone after a proof of concept
that started in 1999 on some stupid ideas of how flapping/dampening
wasn't such a great idea. The RFC information along with the "standards"
that run BGP introduce an array of issues someone could use to start a
flapping war. Imagine this:

RouterA (United States) --> RouterB (Europe)

Attacker on RouterA's network sends out bogus ICMP information (say ICMP
source quenches at a phenomenal rate) ... RouterB does what it is
supposed to do, times it out. Attacker using a botnet continues
attacking RouterB as RouterA. The neighbor state would be in such a
state of "WTF" is happening it will continuously ignore the adjacency
between the two routers breaking anything they were passing to one another.

The initial paper was a stupid concept which actually happened to break
Zebra (now known as Quagga). I released a Proof of Concept tool then
left the idea alone since I thought if it did work on a grand scale it
would be such a moronic tool to make public. Why my post may sound harsh,
I inferred yours to be a poke to the extent of "so what who cares" so my
sincerest apologies for misjudging. I enjoy learning from others no
matter what it is and I was only offering insight using
flapping/dampening as an example. It would not be a bad idea though to
have some form or limit built in somewhere down the line:

[SIPUSER/IAXUSER/WHATEVER]
processes = 10

Where any given user would not be able to abuse a system. The stupid
program I made is created to generate ranDumb numbers (SIP extensions),
so in this instance if say extension 100 generated anything over 10
requests, replies, acknowledgments, invites, byes, cancels, etc., it
would be given a "bad boy shame on you" time out. For this instance
(attack tool I made) it would suffice to an extent opening channels. I
managed to open up 50 channels in less than a minute remotely with one
program alone; mind you, there are now 13 tools in the suite.

http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0618.html
http://archive.cert.uni-stuttgart.de/archive/vuln-dev/2003/08/msg00039.html
--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
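
The per-user limit proposed in the message above, sketched as an added example that is not part of the original post and is not Asterisk code: every SIP message counts against the extension in its From header, and more than 10 inside a window earns a time-out. It goes one step beyond the post by also counting per source address, since a sender of random extension numbers never repeats an extension; the class and function names, the 60-second window, the 300-second time-out and the sample messages are all assumptions.

```python
import re
from collections import defaultdict, deque

LIMIT = 10       # the post's proposed "processes = 10"
WINDOW = 60.0    # assumption: seconds over which messages are counted
TIMEOUT = 300.0  # assumption: length of the time-out after exceeding LIMIT

# User part of the From header ("f" is the compact header form).
FROM_RE = re.compile(r"^(?:From|f)[ \t]*:[^\r\n]*?sips?:([^@;>\s]+)@", re.I | re.M)

class SipLimiter:
    def __init__(self, limit=LIMIT, window=WINDOW, timeout=TIMEOUT):
        self.limit, self.window, self.timeout = limit, window, timeout
        self.seen = defaultdict(deque)  # key -> timestamps inside the window
        self.blocked_until = {}         # key -> time at which the time-out ends

    def _over(self, key, now):
        """Count one message for key; True if key is in, or just earned, a time-out."""
        if now < self.blocked_until.get(key, 0.0):
            return True
        q = self.seen[key]
        while q and now - q[0] >= self.window:
            q.popleft()                 # forget messages older than the window
        q.append(now)
        if len(q) > self.limit:
            self.blocked_until[key] = now + self.timeout
            q.clear()
            return True
        return False

    def allow(self, src_ip, message, now):
        """Decide whether one SIP message (request or response) is processed."""
        if self._over(("ip", src_ip), now):
            return False                # source over limit: no per-extension state kept
        m = FROM_RE.search(message)
        if m is None:
            return False                # no parsable From header: drop
        return not self._over(("ext", m.group(1).lower()), now)

def sample(method, ext):
    """Constructed, minimal SIP request text used only for this demonstration."""
    return (f"{method} sip:200@pbx.example SIP/2.0\r\n"
            f"From: <sip:{ext}@pbx.example>;tag=1\r\n\r\n")
```
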