Hacker News new | past | comments | ask | show | jobs | submit login

reminds me of using the old MIRROR target in iptables back in the day. before it was removed because its ridiculous. we used to watch script kiddies trying to brute force their own hosts but even then we knew it was ripe for abuse.

https://www.linuxtopia.org/Linux_Firewall_iptables/x4448.htm...




Probably for the best, since it sounds like that could be used for DDoS amplification and/or reflection.

For example, if an attack could spoof traffic to get two different reflectors hall-of-mirror-ing each other, or using a botnet that spoofs traffic to get one collection of dupes to slam a single victim in response, etc.


How would you spoof multiple valid packets in a TCP-based protocol requiring a sequence of interactions when you can't receive any of the ACKs (because they'll be sent to not-your-IP)?


Depending on the protocol you can probably do reflection attacks over tcp with TFO.


It was beautiful to see people nuke themselves in winnuke era.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: