[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?))



On Thu, 14 Jul 2011 23:13:03 PDT, Owen DeLong said:
> On Jul 14, 2011, at 8:24 PM, Jimmy Hess wrote:
> > In most cases if you have a DoS attack coming from the same Layer-2
> > network that a router is attached to,
> > it would mean there was already a serious security incident  that
> > occured to give the attacker that special point to attack from.

> That's one possibility.
> 
> The other likely possibility is that you are a University.

Nope. Unless you want to add "or you are a cable provider, or you are a DSL
provider, or you are a...." to that. (Hint - what percent of students launch DoS
attacks that cut themselves off from the net? Compare to what percent of
non-student machines out on cable and DSL are botted or pwned)

Even if you're a university with resident students, if said students are on the
same Layer-2 as anything you actually care about, you have a serious security
incident.

"Student manages to DoS the router out of the dorm and strands 3 floors of dorm
without internet" is just as interesting as "Joe Sixpack manages to DoS the
router at the cable head end and strands 3 blocks of Comcast customers without
internet", for the *exact same reasons*.  If the student is able to play more
level-2 games than Joe Sixpack can, you misdesigned your network.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110715/e8cad1d2/attachment.bin>