Probably for the best, since it sounds like that could be used for DDoS amplific... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

Terr_ 7 months ago | parent | context | favorite | on: Some thoughts on OpenSSH 9.8's PerSourcePenalties ...

Probably for the best, since it sounds like that could be used for DDoS amplification and/or reflection.

For example, if an attack could spoof traffic to get two different reflectors hall-of-mirror-ing each other, or using a botnet that spoofs traffic to get one collection of dupes to slam a single victim in response, etc.

metadat 7 months ago [–]

How would you spoof multiple valid packets in a TCP-based protocol requiring a sequence of interactions when you can't receive any of the ACKs (because they'll be sent to not-your-IP)?

katzinsky 7 months ago | [–]

Depending on the protocol you can probably do reflection attacks over tcp with TFO.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact