[<prev] [next>] [day] [month] [year] [list]
Message-ID: <6b6aef210512200842jf1613cqd30e91222700289b@mail.gmail.com>
Date: Tue, 20 Dec 2005 11:42:48 -0500
From: Synister Syntax <synistersyntaxlist@...il.com>
To: asimmons@...sagelabs.com, bugtraq@...urityfocus.com,
full-disclosure@...ts.grok.org.uk, NTBUGTRAQ@...tserv.ntbugtraq.com,
vuln-dev@...urityfocus.com
Subject: Re: Re: RLA ("Remote LanD Attack")
Andrew Simmons:
I have had numerous successful attacks take place between
multiple services providers. All of which are big names. (Comcast
and Verizon). Besides my own test, and the test my Friends assisted
with, I have received multiple reports of others trying the exploit
out themselves, and being successful.
Although, I can understand what you are saying, the attacks are
still obviously working. Have you tried executing an attack your
self?
On 12/20/05, Andrew Simmons <asimmons@...sagelabs.com> wrote:
> Synister Syntax wrote:
>
> > You are correct if your router is configured with such an ACL,
> > you would be protected. The problem, again, is Consumer grade devices
> > have no such ACLs, and have no way for you to manually add such. Now
> > corporate grade devices have measures where the administrators can
> > write such ACLs that would block spoofed packets, but that doesn't
> > mean the administrators are enforcing them.
> >
>
>
> Surely, not only the end point, but any router between the source and
> the target that's using uRPF (which is a complete no-brainer -- any ISP
> or NSP worthy of the name will be using this) will kill the attack.
>
> Or to put it another way, AFAICT a successful attack would require for
> all the intermediate routers to be misconfigured.
>
>
> cheers
>
> \a
>
> --
> Andrew Simmons
> Technical Security Consultant
> MessageLabs
>
> Mobile: +44 (7917) 178745
> asimmons@...sagelabs.com
> www.messagelabs.com
>
> MessageLabs - Be certain
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
--
Regards,
SynSyn
Network Manager, Server Administrator, Security Specialist
(http://www.teamtrinix.com)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists