(ASCEND) Known attacks via 127.0.0.2 (rj0) ?

To: Ascend Users <ascend-users@bungi.com>
Subject: (ASCEND) Known attacks via 127.0.0.2 (rj0) ?
From: Andre Beck <beck@ibh-dd.de>
Date: Sun, 28 Dec 1997 11:58:32 +0100
Organization: IBH Prof. Dr. Horn GmbH - Xlink PoP Dresden
Sender: owner-ascend-users@max.bungi.com

Hi,

the subject says most of it: We had an attack with a large amount of
ICMP packets. The new thing about the attack was the address they
seem to appear from: 127.0.0.2. Note that this is no source address
spoofing, they were not packets from 127.0.0.2 to some IP in our
net but packets _from_ 127.0.0.2 _to_ some other address far away
and not in our net. Looking for the way they have been generated
I remembered that Ascend uses 127.0.0.2 as the address of the rj0
Interface. Does anyone know of ways to attack this interface, abuse
it to generate bombastic amounts of ICMP traffic etc. ? Or do I have
to search elsewhere (especially for a hacked machine or hacked
profile) ?

Thanks,
Andre.
-- 

Kanther-Line: PGP SSH IDEA MD5 GOST RIPE-MD160 3DES RSA FEAL32 RC4

+-o-+--------------------------------------------------------+-o-+
| o |               \\\- Brain Inside -///                   | o |
| o |                   ^^^^^^^^^^^^^^                       | o |
| o | Andre' Beck (ABPSoft) beck@ibh-dd.de XLink PoP Dresden | o |
+-o-+--------------------------------------------------------+-o-+
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: (ASCEND) 127.0.0.[2-xxx]
Next by Date: Re: (ASCEND) Radius Authentication (fwd)
Prev by thread: Re: (ASCEND) Radius Authentication (fwd)
Next by thread: Re: (ASCEND) Known attacks via 127.0.0.2 (rj0) ?
Index(es):
- Main
- Thread