Edward Henigin wrote:
>
> Right now I'm more concerned with some low-volume DOS
> attacks which are capable of killing a 7513/RSP4. I don't know
Right yesterday I noticed that if you're able to send ICMP echo requests
with a source address of 0.0.0.0, when the router attemps to reply, it
logs this error:
8w1d: %IP-3-DESTHOST: src=212.110.160.65, dst=0.0.0.0, NULL desthost
-Process= "IP Input", ipl= 0, pid= 26
-Traceback= 60384E08 60384238 60384560 6039250C 6035B38C 6035C420
6035819C 6039242C 60379CE0 60377F08 6037801C 603781A8 602D7264 602
D7250
If "logging console" is enabled, you can easily saturate the serial port
(and flood syslogd). I don't know if this could be made a DoS... I don't
have spare routers to flood with spoofed packets to see if they die :^)
Bye!
-- Daniele------------------------------------------------------------------------------- Daniele Orlandi - Utility Line Italia - http://www.orlandi.com Via Mezzera 29/A - 20030 - Seveso (MI) - Italy -------------------------------------------------------------------------------
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:10 EDT