Andrew Simmons:
I have had numerous successful attacks take place between
multiple services providers. All of which are big names. (Comcast
and Verizon). Besides my own test, and the test my Friends assisted
with, I have received multiple reports of others trying the exploit
out themselves, and being successful.
Although, I can understand what you are saying, the attacks are
still obviously working. Have you tried executing an attack your
self?
On 12/20/05, Andrew Simmons <asimmons@messagelabs.com> wrote:
Synister Syntax wrote:
You are correct if your router is configured with such an ACL,
you would be protected. The problem, again, is Consumer grade devices
have no such ACLs, and have no way for you to manually add such. Now
corporate grade devices have measures where the administrators can
write such ACLs that would block spoofed packets, but that doesn't
mean the administrators are enforcing them.
Surely, not only the end point, but any router between the source and
the target that's using uRPF (which is a complete no-brainer -- any ISP
or NSP worthy of the name will be using this) will kill the attack.
Or to put it another way, AFAICT a successful attack would require for
all the intermediate routers to be misconfigured.
cheers
\a
--
Andrew Simmons
Technical Security Consultant
MessageLabs
Mobile: +44 (7917) 178745
asimmons@messagelabs.com
www.messagelabs.com
MessageLabs - Be certain
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
Regards,
SynSyn
Network Manager, Server Administrator, Security Specialist
(http://www.teamtrinix.com)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
