FW: Hackers Strike at N.Y. Internet Access Company (fwd)

Dan Kohn (dan@teledesic.com)
Fri, 13 Sep 1996 07:16:52 -0700


>----------
>From: Steven Bellovin[SMTP:smb@research.att.com]
>Sent: Thursday, September 12, 1996 7:29 PM
>Subject: Re: Hackers Strike at N.Y. Internet Access Company (fwd)
>
> This is the first I've heard of this attack, and I'm trying to
>discern
> its nature from the press story. Sounds like a flooding attack with
> bogus IP fragments; is that right?
>
>Not fragments -- SYN packets from random forged IP addresses. That
>fills up the half-open connection queue. There are at least three
>implementations floating around that implement this -- 2600 published
>one, Phrack published one, and there's a third as well. But the folks
>who pulled off this attack weren't just using canned software; when
>Panix found some weaknesses in the original attack and succeeded in
>blocking
>it, the attackers found and ``repaired'' their attack program.
>
>