Koozali.org: home of the SME Server

Distributed Reflection Denial of Service

Rob Bracken

Distributed Reflection Denial of Service
« on: February 28, 2002, 02:26:48 PM »
Dear e-smith,

Steve Gibson (http://grc.com) was recently attacked by a new type of denial of service which sends a TCP SYN packet to a server, with the IP address of the victim machine. The server then responds with a SYN/ACK packet, directed to the victim (see grc.com for a full discussion). This is only possible because a number of "zombie" machines are compromised and made to produce spoofed packets.

Does the e-smith setup contain any barriers/filters that prevent it sending spoofed packets?

Patrick Basile

Re: Distributed Reflection Denial of Service
« Reply #1 on: March 01, 2002, 02:44:27 AM »
Rob (and everyone else),

Thanks for the post...I actually just got done reading the story at grc.com about the DRDoS attack against their site - and I was wondering the same thing.

Okay all you SME security experts...time to 'earn your keep' here and chime in with all that stuff you have in those noggins just waiting to come out.  Thanks.

Regards,
Patrick

Charlie Brady

Re: Distributed Reflection Denial of Service
« Reply #2 on: March 07, 2002, 08:20:57 PM »
Rob Bracken wrote:

> Steve Gibson (http://grc.com) was recently attacked by a new
> type of denial of service which sends a TCP SYN packet to a
> server, with the IP address of the victim machine. The server
> then responds with a SYN/ACK packet, directed to the victim
> (see grc.com for a full discussion). This is only possible
> because a number of "zombie" machines are compromised and
> made to produce spoofed packets.
>
> Does the e-smith setup contain any barriers/filters that
> prevent it sending spoofed packets?

It doesn't, but you could easily add such filters. Note, however, that the server contains multiple layers of security to prevent the server from being compromised. See the security white paper in the documentation section of this website.

Charlie
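
An added example, not part of the original thread and not the e-smith/SME Server firewall configuration: one way to build the kind of filter mentioned in the reply above, as a shell function that prints iptables rules dropping outbound packets whose source address the gateway has no legitimate reason to emit. The use of iptables, the chain name EGRESS_SPOOF, the interface eth0 and the address prefixes are all assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands for egress source-address filtering.
# Not the e-smith/SME Server firewall. eth0 and the prefixes are constructed values.

# valid_cidr A.B.C.D/LEN -> 0 if well formed (octets 0-255, LEN 0-32)
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    len=${1#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -f; set -- $addr; set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# egress_rules EXT_IF PREFIX... -> rules on stdout; returns 2 on bad input
egress_rules() {
    [ $# -ge 2 ] || return 2
    ext_if=$1; shift
    case $ext_if in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    for net in "$@"; do
        valid_cidr "$net" || return 2
    done
    echo "iptables -N EGRESS_SPOOF"
    # Sources this gateway may legitimately emit return to the calling chain.
    for net in "$@"; do
        echo "iptables -A EGRESS_SPOOF -s $net -j RETURN"
    done
    # Anything else carries a forged source: log (rate limited), then drop.
    echo "iptables -A EGRESS_SPOOF -m limit --limit 6/minute -j LOG --log-prefix \"spoofed-src: \""
    echo "iptables -A EGRESS_SPOOF -j DROP"
    # OUTPUT covers the gateway itself, FORWARD covers LAN hosts behind it.
    # filter/FORWARD runs before NAT POSTROUTING, so LAN sources are still visible.
    echo "iptables -A OUTPUT -o $ext_if -j EGRESS_SPOOF"
    echo "iptables -A FORWARD -o $ext_if -j EGRESS_SPOOF"
}

# Constructed sample: external address 203.0.113.10, LAN 192.168.1.0/24.
egress_rules eth0 203.0.113.10/32 192.168.1.0/24
```

The function only prints the rules; review them before applying, and list every prefix the gateway legitimately routes, or valid traffic will be dropped.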