Could this the result of a spoofed IP source smurf attack or some other
amplification attack?
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of krymson@gmail.com
Sent: Friday, February 09, 2007 12:16 PM
To: security-basics@securityfocus.com
Subject: Re: DoS Attackers using only udp and icmp protocol?
TCP DoS attacks are quite common, especially SYN floods. Because systems
listening on TCP for the 3-way handshake have a time-out while they wait
for the completion of the handshake after a SYN is first received, you
can exhaust resources on the system be flooding lots of SYNs and just
not completing the handshake. You could even complete the handshake and
flood that way as well.
I will throw an opinion out that might be wrong, but I feel TCP-related
floods tend to be aimed at exhausting TCP-listening resources on a
target. UDP and ICMP floods tend to also target saturation of the
target's network bandwidth.
<- snip ->
I have monitored that some DoS attack which generates large bps(over
1Gbps)
against my network.
and I can see that all dos related packets are udp and icmp not tcp.
In the point of view attacker,
Is it impossible that generates lots of packets and large packets using
tcp
without 3 way handshake?
DISCLAIMER: This message (including any files transmitted with it) may contain
confidential and / or proprietary information, is the property of Interactive
Data Corporation and / or its subsidiaries and is directed only to the
addressee(s). If you are not the designated recipient or have reason to believe
you received this message in error, please delete this message from your system
and notify the sender immediately. An unintended recipient's disclosure,
copying, distribution or use of this message, or any attachments, is prohibited
and may be unlawful.
