From owner-FreeBSD-net-jp@jp.freebsd.org  Wed Jul  8 20:16:25 1998
Received: (from daemon@localhost)
	by jaz.jp.freebsd.org (8.8.8+3.0Wbeta13/8.7.3) id UAA20096;
	Wed, 8 Jul 1998 20:16:25 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from suri.co.jp (gateway.suri.co.jp [202.239.18.17])
	by jaz.jp.freebsd.org (8.8.8+3.0Wbeta13/8.7.3) with SMTP id UAA20091
	for <FreeBSD-net-jp@jp.freebsd.org>; Wed, 8 Jul 1998 20:16:21 +0900 (JST)
	(envelope-from koie@suri.co.jp)
Received: from thames.suri.co.jp ([10.1.100.1]) by gateway.suri.co.jp with ESMTP id <11649>; Wed, 8 Jul 1998 20:35:51 +0900
Received: from tiga.suri.co.jp (root@tiga.suri.co.jp [10.1.6.20])
	by thames.suri.co.jp (8.8.6/3.6W) with ESMTP id UAA11506
	for <FreeBSD-net-jp@jp.freebsd.org>; Wed, 8 Jul 1998 20:11:05 +0900 (JST)
Received: from localhost (yoke.suri.co.jp [10.1.6.155]) by tiga.suri.co.jp (8.8.7+2.7Wbeta7/3.4W3-970326) with ESMTP id UAA01798; Wed, 8 Jul 1998 20:14:17 +0900 (JST)
To: FreeBSD-net-jp@jp.freebsd.org
From: KOIE Hidetaka (=?iso-2022-jp?B?GyRCOHE5PjFRTjQbKEI=?=) <koie@suri.co.jp>
In-Reply-To: Your message of "Tue, 7 Jul 1998 20:52:36 +0900"
	<10200.899812356@coconut.itojun.org>
References: <10200.899812356@coconut.itojun.org>
X-Mailer: Mew version 1.93b38 on Emacs 19.28 / Mule 2.3 (SUETSUMUHANA)
X-PGP-Fingerprint: 34 F4 D5 48 D0 18 EE 24  5B 1A DD 23 BF 73 19 03
X-PGP-Public-Key-URL: http://www2s.biglobe.ne.jp/~koie-hed/public_key.txt
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19980708201416-4761N.koie@penguin.suri.co.jp>
Date: Wed, 8 Jul 1998 20:14:16 +0900
X-Dispatcher: imput version 980522
Lines: 46
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=24e+ JFUG special]
X-Sequence: FreeBSD-net-jp 844
Subject: [FreeBSD-net-jp 844] DoS by ECHO (RE: Passive telnet)
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org

From: Jun-ichiro itojun Itoh <itojun@iijlab.net>
Subject: [FreeBSD-net-jp 841] Re: Passive telnet 
Date: Tue, 7 Jul 1998 20:52:36 +0900

 | >ECHO$B%5!<%S%9$K2?$+7j$,$"$j$^$7$?$C$1!#(B
 | 	denial-of-service attack$B$G$9$M!#$"$J$?$N$*$&$A$N2s@~I}$r%4%_$G(B
 | 	$BKd$a$i$l$A$c$$$^$9!#(B

$B$A$g$C$H9M;!$7$^$7$?!#(B
               __         __
    ..________|  |_______|  |
           |  |__|       |__|
           |   ISP       myhost
     __    |
    |  |___|
    |__|
    attacker

o ICMP$B$rDL$9(B --- ping$B967b(B

o $B30$+$i$N(BUDP$B$rDL$9(B --- $B$H$K$+$/Ej$2IU$1$k!#(B
                       $B$?$V$s(BICMP_UNREACH_PORT$B$,La$C$F$/$k$N$G(B
                       myhost$B$+$i(BISP$B$X$N>e$j2s@~$bE,Ev$K5M$k!#(B
                       
o $B30$+$i$N(BTCP$B@\B3$rDL$9(B  --- ECHO$B967b(B!
                       attacker-ISP$B4V$,(BISP-myhost$B4V$rKd$a$k$N$K(B
                       $B==J,B@$/$J$$$H!"$3$N967b$OM-8z$G$J$$!#(B

                       ECHO$B$,$@$a$J$i(Btelnet$B$G$b(Bftp$B$G$b(Bssh$B$G$b(B
                       $B$H$K$+$/;n$9!#$@$a$J$i(BTH_RST$B$,La$C$F$/$k$N$G(B
                       myhost$B$+$i(BISP$B$X$N>e$j2s@~$bE,Ev$K5M$k!#(B

o $B%Q%1%C%H%U%#%k%?$G30$+$i$N%Q%1%C%H$rDL$5$J$$$h$&$K$7$F$$$k>l9g(B

        ISP-myhost$B4V$NB@$5$,(Battacker$B$H(BISP$B$NB@$5$HF1DxEY$+$=$l0J2<$J$i(B
        attacker$B$,(Bmyhost$B$KBP$7$FE,Ev$J%Q%1%C%H$G(Bflood$B$9$l$P(B
        ISP$B$+$i(Bmyhost$B$X$N=PNO%-%e!<$r5M$^$i$;$k$3$H$,$G$-$k!#(B
        $BJRJ}8~$N%-%e!<$5$(5M$C$F$7$^$($P(Bmyhost$B$+$i$N(BTCP$B$O;H$($J$/$J$k!#(B


$B7kO@(B: ECHO$B967b$,$G$-$k$J$i(BECHO$B%W%m%H%3%k$G$J$/$F$b(BDoS$B967b$O2DG=!#(B

$B!t(Bremote host$B$N(Bchargen$B$K(Btelnet$B$9$k$H<+Gz$G$-$^$9(B :-)

--
KOIE Hidetaka $B8q9>1QN4(B koie@suri.co.jp $B?tM}5;8&(B SURIGIKEN Co.,LTD.
