On Mon, 14 Jul 2008, Jack C wrote:
I can't tell from your message whether you take "smurf-like" to mean any
type of amplification, or just that specific broadcast-address attack. If
you aren't against amplification via third party machines, an other simple
method is to spoof large DNS requests with the src-addr of the machine to be
attacked. I wrote a script to do this a while ago if you need it.
Yes, I meant any kind of amplification. Though I would be interested in
seeing your script :)
If your message is asking how to fill a pipe larger than yours WITHOUT using
third party machines (AND you're going for a purely bandwidth-based attack),
you may have to sacrifice your own pipe. Ie, you could make a ton of
requests on a non-windowing protocol (so that you can make more requests
without waiting for the results of the previous) and just hammer away at
large requests (DNS again comes to mind). It'll trash your link, but as long
as the bottle neck is on your end it should also take their down a few
notches.
Sergio's suggestion of looking into Packetstorm was interesting. I'm
trying to recall the name of a company which touted an "anti-DDoS"
product which was essentially an Akamai-like service which grew your
available bandwidth on demand to help fight off DDoS attacks. This was
circa-2002 but I'm wondering if there are service providers avaiable
which offer load testing services that could be leveraged to simulate
DDoS for clients.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
