We've all heard about Denial of Service; well, here's the opposite...
We have a dial-on-demand ISDN service (they aren't exactly cheap). After
some prodding, I got around to putting some basic filtering on the 2503;
no spoofing, no inbound unless established, that sort of thing.
I was horrified to discover that the router hadn't dropped the call for
some days (I shudder at the bill we're going to get)... It turned out
that the rejection of RIP packets from the outside (just being very
conservative, I suppose) was causing outbound ICMP admin unreachable
messages, which were NOT being logged, despite my "log" everywhere, and
which were keeping the line up!
It occurred to me that this could be the basis of another attack - just
flood us with PINGs. We refuse them - the line stays up. We acknowledge
them - the line stays up. We lose either way...
--
Dave Horsfall VK2KFU dave @ fgh . oz . au Ph: +61 2 9957-4224 Fx: +61 2 9922-5286
FGH Decision Support Systems P/L, 77 Pacific Hwy, Nth. Sydney, 2060, Australia
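
One way to stop router-generated ICMP and rejected RIP from holding a dial-on-demand call up, as an added Cisco IOS configuration example that is not part of the original message. The interface name BRI0, list numbers 110 and 1, and the 120-second timeout are assumptions.

```cisco
! Constructed example; BRI0, ACL 110, dialer-list 1 and the timeout
! value are assumptions, not taken from the message above.
!
! Weak setting: every IP packet counts as "interesting", so ICMP
! unreachables and echo replies sent by the router reset the idle timer.
! dialer-list 1 protocol ip permit
!
! Tighter setting: only traffic permitted by ACL 110 may bring the
! call up or keep it up. ICMP and RIP are classed as uninteresting.
access-list 110 deny   icmp any any
access-list 110 deny   udp any any eq rip
access-list 110 permit ip any any
dialer-list 1 protocol ip list 110
!
interface BRI0
 dialer-group 1
 dialer idle-timeout 120
 ! Do not answer filtered packets with ICMP unreachables at all.
 no ip unreachables
```

The dialer-list only decides which packets reset the idle timer; it does not filter them, so ICMP and RIP still cross the link while a call is up for other reasons. The trade-off is that a ping on its own will no longer raise the line.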