[Full-disclosure] Snatching IP on LAN, how to DoS/block such machines?
Joachim Schipper
j.schipper at math.uu.nl
Sat Jul 23 18:35:22 BST 2005
On Wed, Jul 20, 2005 at 11:27:17PM +0200, Niklas wrote:
> Oh forgot to mention this is a university, open around the clock, with
> thousands of users with physical access to whatever.
>
> But I thank you kindly, Marc No Mad. You really helped out on the subject. :p
>
> Addon: I don't have access to the DHCP, or any other central
> services. So we're back to the "how do I DoS my clients" on my subnet,
> based on ip/MAC?
>
> No 802.1x available here .... probably won't be in 2005....
>
> /n
There's always the option, though it may be a little more complex than
you intended, of using something like Snort+FlexResp. Load up the p2p
rulesets, modify them to shut down any offending connections.
It won't exactly DoS them, but people will need to do a lot better than
just fire up Kazaa. Of course, good attackers may try all sorts of
sneaky tricks - who are you trying to keep out? The casual p2p user, or
a determined hacker with physical access? The latter is quite difficult.
;-)
(Disclaimer: I've never tried FlexResp...)
Joachim
Full-Disclosure is hosted and sponsored by Secunia.
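
The rule change suggested in the message above, as an added example that is not part of the original post: a p2p detection rule in its alert-only form, then the same rule with a FlexResp `resp` option. It assumes Snort 2.x built with `--enable-flexresp`; the content pattern, message text and local SIDs are constructed for illustration and are not taken from the distributed p2p ruleset.

```snort
# --- Before: detection only -------------------------------------------
# Logs an alert when an internal host sends an HTTP-style request that
# carries a Kazaa-specific header. The connection is not touched.
# (Pattern and SID are constructed for this example.)
alert tcp $HOME_NET any -> $EXTERNAL_NET any \
    (msg:"LOCAL P2P Kazaa-style client request"; \
     flow:to_server,established; \
     content:"GET "; depth:4; \
     content:"X-Kazaa-"; nocase; \
     classtype:policy-violation; \
     sid:1000001; rev:1;)

# --- After: detection plus active response -----------------------------
# Same match, with resp:rst_all added. When the rule fires, Snort sends
# TCP RST packets to both ends of the connection.
# Other resp modifiers: rst_snd (reset the sender only), rst_rcv (reset
# the receiver only), icmp_net / icmp_host / icmp_port / icmp_all
# (ICMP unreachable to the sender, usable for UDP rules).
alert tcp $HOME_NET any -> $EXTERNAL_NET any \
    (msg:"LOCAL P2P Kazaa-style client request - reset"; \
     flow:to_server,established; \
     content:"GET "; depth:4; \
     content:"X-Kazaa-"; nocase; \
     resp:rst_all; \
     classtype:policy-violation; \
     sid:1000002; rev:1;)
```

The sensor has to see the subnet's traffic and be able to inject packets onto it, and its resets race the real packets, so this stops the casual client described in the message rather than someone who changes ports or encrypts the traffic.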