[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: netkit-inetd in sarge

On Sun, Oct 19, 2003 at 02:57:44PM +1000, Andrew Pollock wrote:
> On Sun, Oct 19, 2003 at 12:13:02PM +0800, Cameron Patrick wrote:
> > Yeah, but you can do that on any given port whether it's open or not. e.g.
> > 
> > cat /dev/zero | nc -u victim 12345
> > 
> > (nc in UDP mode seems to ignore "ICMP port unreachable" packets in my
> > testing...  if it doesn't you can always use iptables to make sure it
> > does.)
> > 
> > There's no way to /stop/ someone from sending you data, whether you want
> > it or not.
> Sure, with UDP you're stuffed regardless. Do we really need to be shipping
> sarge with it listening on more (TCP) ports than necessary though?

Getting worried about this kind of denial of service is pointless.
Denial of service attacks are only worth worrying about when they're
significantly cheaper for the attacker than for you, and even then they
are often better handled at an upstream router.


Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to: