SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI: ping data size




    Glen,

    A DoS attack can use several other mechanisms too (not only NOPs). And it can be avoided by just
    having the target of the attack dropping the connection with an initiator that issues excessive amount of NOPs with data and limiting the allowed ping size.

    Julo


    Glen Turner <glen.turner@aarnet.edu.au>

    08/19/2002 09:19 AM

           
            To:        Julian Satran/Haifa/IBM@IBMIL
            cc:        Eddy Quicksall <eddy_quicksall@ivivity.com>, "ips@ece. cmu. edu (E-mail)" <ips@ece.cmu.edu>
            Subject:        Re: iSCSI: ping data size

           


    Julian Satran wrote:
    >
    > The originator may be trying to measure something. Allowing the
    > responder to twart the answer would be counterproductive.

    As pointed out before, this allows a denial of service attack on
    public iSCSI servers (such as CD-ROM stackers in libraries)

    --
     Glen Turner                                 Network Engineer
     (08) 8303 3936      Australian Academic and Research Network
     glen.turner@aarnet.edu.au          http://www.aarnet.edu.au/
    --
     The revolution will not be televised, it will be digitised





Home

Last updated: Tue Aug 20 02:19:03 2002
11649 messages in chronological order