[ringzero] Re: just a musing..

On Wed, January 24, 2007 12:39 pm, Michael Kjorling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On 2007-01-24 09:32 -0000, ed@xxxxxxx wrote:
>
>>> Everything from packet spoofing to DoS with a constantly
>>> changing MAC address would become trivial.
>>
>> Well, the DoS would only extend as far as the router; outside of that
>> the router controls the MAC address itself, so it would be a pretty
>> limited DoS.
>>
>>
>
> Please do tell me how you'd reach from elsewhere on the LAN (including
> the router) a system that has a constantly changing hardware address.

I'm on about the client (LAN host) changing MAC, not the router itself. I
just wanted to create a bunch of packets and see if the router falls over,
or whether it can stand up to a mass of packets from different sources
filling some tables.

> If
> done often enough (which would be easy if the NIC itself does not do rate
> limiting on MAC address changes) then ARP and/or MAC-to-switch-port
> resolution might not be able to keep up, and even if they are able to keep
> up, the caches would quickly fill up leading to a large increase in
> locally undeliverable packets (since some of that data would have to be
> discarded to keep the tables within the memory constraints of the switch),
> potentially affecting unrelated systems as well.

That's a very valid point.

> A DoS does not have to affect any other system at all in order to be a
> denial of service.

True also.

Thanks for the info, I'll see what I can put together.

-- 
You are receiving this message as part of your subscription to the
"ringzero" mailing list at freelists.org. To unsubscribe, send an e-mail
to ringzero-request@xxxxxxxxxxxxx?subject=unsubscribe
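The table-exhaustion effect described in the quoted reply (a LAN host that keeps changing its source MAC fills the switch's forwarding table, unrelated hosts get evicted, and frames to them become undeliverable or flooded) can be modelled offline. The following is an added example written for this page, not code from the thread or its participants; the switch capacity, ports and MAC addresses are constructed for the illustration, and the oldest-first eviction policy is an assumption about the switch, not a claim about any particular product.

```python
"""Toy model of a switch's MAC learning (CAM) table under source-MAC churn.

Added example, not from the thread: a LAN host that keeps changing its
source MAC fills the switch's bounded forwarding table, older entries for
unrelated hosts get evicted, and frames to those hosts become "unknown
unicast" that the switch has to flood (or drop). Capacity, ports and MAC
addresses below are constructed; real switches hold thousands of entries,
which only changes how many frames the churn takes, not the outcome.
"""
import random
from collections import OrderedDict

FLOOD = "flood"  # marker for a frame whose destination port is unknown


class Switch:
    """Learning switch with a fixed-size table and oldest-first eviction (assumed policy)."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.table = OrderedDict()  # src MAC -> ingress port
        self.evictions = 0
        self.flooded = 0

    def learn(self, mac, port):
        if mac in self.table:
            self.table.move_to_end(mac)  # refresh the entry on every frame seen
            self.table[mac] = port
            return
        if len(self.table) >= self.capacity:
            self.table.popitem(last=False)  # table full: drop the oldest entry
            self.evictions += 1
        self.table[mac] = port

    def forward(self, src_mac, in_port, dst_mac):
        """Learn the source, then return the egress port or FLOOD."""
        self.learn(src_mac, in_port)
        port = self.table.get(dst_mac)
        if port is None:
            self.flooded += 1
            return FLOOD
        return port


def random_mac(rng):
    """Locally administered unicast MAC (02:xx:...), so it never collides with the fixed hosts."""
    return "02:" + ":".join(f"{rng.randrange(256):02x}" for _ in range(5))


def simulate(flood_frames, capacity=8, seed=1):
    """Run the scenario; report whether the router can still reach the victim afterwards."""
    rng = random.Random(seed)
    sw = Switch(capacity)
    victim, victim_port = "00:11:22:33:44:55", 1    # constructed: an unrelated LAN host
    router, router_port = "00:aa:bb:cc:dd:ee", 24   # constructed: the LAN's router
    attacker_port = 7                               # constructed: the MAC-changing host

    # Normal traffic: both sides get learned, router -> victim is unicast to port 1.
    sw.forward(victim, victim_port, router)
    sw.forward(router, router_port, victim)
    before = sw.forward(router, router_port, victim)

    # The attacking host emits one frame per fresh source MAC.
    for _ in range(flood_frames):
        sw.forward(random_mac(rng), attacker_port, router)

    after = sw.forward(router, router_port, victim)
    return {
        "before": before,              # 1: unicast to the victim's port
        "after": after,                # FLOOD once the victim's entry is gone
        "victim_learned": victim in sw.table,
        "evictions": sw.evictions,
        "flooded": sw.flooded,
    }


if __name__ == "__main__":
    for n in (0, 4, 8, 64):
        print(n, simulate(n))
```

With the constructed capacity of 8, four churned MACs leave the victim reachable, eight evict both the victim and the router, and from then on every router-to-victim frame is an unknown unicast the switch must flood to all ports, which is exactly the "locally undeliverable packets affecting unrelated systems" case from the quoted reply. On real hardware this is what tools such as macof (from dsniff) do; the usual countermeasure is per-port MAC learning limits (port security), which bounds how many entries one port can take.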
