[AG-TECH] Using quickbride for DOS attacks?
spb at epcc.ed.ac.uk
Thu Jun 5 07:37:59 CDT 2003
On 5 Jun 2003, Grzesiek Sedek wrote:
> Correct me if I'm wrong but for me it looks like there is a possible
> issue with quickbride being used in DOS attacks on the other sites.
> There is a AG session with 10 participating nodes running ( lets say
> 10MB/s in total ).
> There is a quickbridge for that session too.
> Since UDP is connectionless protocol it's very easy to spoof orginator
> ip to look like it's comming from victims ip. Once you start sending
> spoofed packets victims site gets 10MB/s UDP flood.
> Has enyone expierienced anything like that?
Thats why I put access cointrol into quickbridge. You can restrict the
IP addresses that quickbridge will accept unicast sessions from by
creating a bridge.acl file containing address netmask pairs
Its not perfect but it lets you restrict this kind of thing to a certain
|epcc| Dr Stephen P Booth Project Manager |epcc|
|epcc| s.booth at epcc.ed.ac.uk Phone 0131 650 5746 |epcc|
More information about the ag-tech