[tech] hydra

Duncan Sargeant dunc-mail-131574E at rcpt.to
Mon Sep 3 00:28:26 WST 2001


Bryden Quirk wrote on Sat September 01, at 03:26 +0800:
> I don't believe the kernel documentation will have a little note about what
> the UCC does with this.
> 
> aka is it a part of the charged tunnel, coke, etc..
> does the UCC use it as a primitive netflow alternative
> or is it being used for pointless statistical information?

UCC is using it for NAT, because the way NAT has been set up, it
requires this module, for completely superfluous reasons.  AFAIK, it's
not required to do NAT so we should probably be doing this "the other
way" which doesn't use this module, but I don't know what that is.

> > > the DNS queries were being made one after another with 5 processes running
> > > in parallel (I doubt that in excess of 2 requests per second would
> > > have ever been achieved)
> > 
> > You may have underestimated things a little.  When I straced one, the
> > connections were flying up the screen.
> 
> probably because it was instantly failing or getting connection refused
> when hydra was down :)

Maybe :-)  I can't remember.  But when I increased the limit from 1024
to 8192, it filled up by the time I was able to cat the file which told
me this.

> does this mean that machines set up this way are vulnerable to this kind of
> attack by someone who may actually want to inflict harm?

Yes.  Particularly vulnerable to a SYN attack I would presume.  The
recommended fix appears to be rate limiting rules, but this seems like
too much effort for a problem which wouldn't be there if we weren't
using this module.

> (keeping in mind that would be machine power independent because if the
> table size is of a definable and preset value (which I would assume
> because James was able to set its size) then it could fill up just as
> quickly whether the machine was a 386 or a P4.

Yup.

> I would imagine that this would be quite different from a SYN attack
> because the router would not be the machine having connection requests made
> to.

If they SYN another UCC machine, the router will try and track those
connections ...



,dunc


