[unisog] Another suggestion
j.riden at massey.ac.nz
Fri Nov 19 20:05:00 GMT 2004
mmunaret at studenti.math.unipd.it writes:
> Thanks again for your contribution. I made a program that runs through the
> data and now I have all the data I need except the last one.
> For instance, in this line of data:
> duration: 0 sec
> protocol: icmp
> service: echo reply
> src bytes: 1032
> dest bytes: 0
> In the KDD CUP they wrote all the data from the sniffing and then put a class
> of attack at the end of each one, like shown above! Why did they write a "smurf"
> attack here?
> How can I get this information for the other classes?
> Best regards - Matt
I can understand this - smurf attacks haven't been a major problem for
a while now as far as I've heard.
Basically you send a ping to the network broadcast address, say
10.255.255.255 in 10/8, with a forged source address. Every live
machine in 10/8 then tries to send an echo reply to the forged source
address which can easily swamp it with traffic.
The echo service (port 7/udp) has been used for these attacks as well,
since it's UDP-based and allows forging of the source address.
(I actually wrote an assignment on this data-set a couple of years
back - I seem to remember it was quite an interesting problem.)
James Riden / j.riden at massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
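
An added example, not part of the original post: seen from the target's side, the flood described above is a burst of ICMP echo replies the host never asked for, arriving from many distinct senders. The code below flags that pattern. The addresses, the tuple layout, the 2-second window and the threshold of 5 sources are constructed assumptions.

```python
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP type numbers


def find_smurf_victims(packets, window=2.0, min_sources=5):
    """Return {victim_ip: most distinct unsolicited repliers seen in one window}.

    packets: iterable of (timestamp, src, dst, icmp_type), sorted by timestamp.
    A reply is unsolicited when dst never sent an echo request to src.
    """
    requested = set()             # (requester, target) pairs seen so far
    recent = defaultdict(list)    # victim -> [(timestamp, replier), ...]
    victims = {}
    for ts, src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST:
            requested.add((src, dst))
        elif icmp_type == ECHO_REPLY and (dst, src) not in requested:
            hits = recent[dst]
            hits.append((ts, src))
            # Drop replies that have fallen out of the sliding window.
            while hits[0][0] < ts - window:
                hits.pop(0)
            distinct = len({replier for _, replier in hits})
            if distinct >= min_sources:
                victims[dst] = max(victims.get(dst, 0), distinct)
    return victims


# Constructed sample traffic as seen by a sensor in front of the target.
# First an ordinary ping and its answer, which must not be flagged.
SAMPLE = [
    (0.0, "192.0.2.10", "192.0.2.20", ECHO_REQUEST),
    (0.1, "192.0.2.20", "192.0.2.10", ECHO_REPLY),
]
# Then eight hosts in 10/8 answering a request the target never sent.
SAMPLE += [
    (1.0 + i * 0.01, f"10.0.0.{i + 1}", "198.51.100.7", ECHO_REPLY)
    for i in range(8)
]

if __name__ == "__main__":
    for victim, sources in find_smurf_victims(SAMPLE).items():
        print(f"{victim}: unsolicited echo replies from {sources} sources")
```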