Date: Tue Dec 20 16:42:55 2005
From: synistersyntaxlist at gmail.com (Synister Syntax)
Subject: Re: RLA ("Remote LanD Attack")

Andrew Simmons:

     I have had numerous successful attacks take place between
multiple service providers, all of which are big names (Comcast
and Verizon).  Besides my own test, and the test my friends assisted
with, I have received multiple reports of others trying the exploit
out themselves, and being successful.

     Although I can understand what you are saying, the attacks are
still obviously working.  Have you tried executing an attack
yourself?

On 12/20/05, Andrew Simmons <asimmons@...sagelabs.com> wrote:
> Synister Syntax wrote:
>
> >      You are correct if your router is configured with such an ACL,
> > you would be protected.  The problem, again, is Consumer grade devices
> > have no such ACLs, and have no way for you to manually add such.  Now
> > corporate grade devices have measures where the administrators can
> > write such ACLs that would block spoofed packets, but that doesn't
> > mean the administrators are enforcing them.
> >
>
>
> Surely, not only the end point, but any router between the source and
> the target that's using uRPF (which is a complete no-brainer -- any ISP
> or NSP worthy of the name will be using this) will kill the attack.
>
> Or to put it another way, AFAICT a successful attack would require for
> all the intermediate routers to be misconfigured.
>
>
> cheers
>
> \a
>
> --
> Andrew Simmons
> Technical Security Consultant
> MessageLabs
>
> Mobile: +44 (7917) 178745
> asimmons@...sagelabs.com
>   www.messagelabs.com
>
> MessageLabs - Be certain
>
>


--
Regards,
SynSyn
Network Manager, Server Administrator, Security Specialist
(http://www.teamtrinix.com)
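
The two filters discussed in this thread (an edge ACL that blocks spoofed packets, and strict uRPF on routers along the path), as an added example that is not part of the original messages: a Python model that applies both checks to raw IPv4 headers. The routing table, the interface names `wan0`/`lan0`, the documentation-range addresses and all function names are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Constructed routing table: (prefix, interface the route points out of).
ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), "wan0"),
          (ipaddress.ip_network("192.0.2.0/24"), "lan0")]

def parse_ipv4_addrs(packet):
    """Return (src, dst) from a raw IPv4 header; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst)

def reverse_path_interface(src):
    """Longest-prefix match on the source address, as strict uRPF does."""
    matches = [(net.prefixlen, ifc) for net, ifc in ROUTES if src in net]
    return max(matches)[1] if matches else None

def failed_checks(packet, in_iface):
    """List the anti-spoofing checks a packet fails; an empty list means forward it."""
    try:
        src, dst = parse_ipv4_addrs(packet)
    except ValueError:
        return ["malformed"]
    failed = []
    if src == dst:  # LAND-style packet: source address equals destination
        failed.append("src-equals-dst")
    if reverse_path_interface(src) != in_iface:  # strict uRPF
        failed.append("urpf-fail")
    return failed

def build_header(src, dst):
    """Constructed 20-byte IPv4 header (checksum left zero) for sample packets."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

if __name__ == "__main__":
    samples = [("192.0.2.10", "192.0.2.10", "wan0"),     # src == dst, from outside
               ("192.0.2.20", "192.0.2.10", "wan0"),     # internal source on WAN
               ("198.51.100.7", "192.0.2.10", "wan0"),   # ordinary inbound
               ("203.0.113.5", "198.51.100.7", "lan0")]  # foreign source on LAN
    for src, dst, iface in samples:
        print(src, dst, iface, failed_checks(build_header(src, dst), iface) or "forward")
```

In this model the first sample fails both checks: a router doing strict uRPF on its outside interface rejects it even where no explicit source-equals-destination ACL is configured.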
