Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Tactics for surviving heavy DDoS attack?

from [Lee Fisher] Network Security [Permanent Link]
Subject: Re: Tactics for surviving heavy DDoS attack?
Date: Mon, 21 Apr 2008 13:16:46 -0700
I missed some messages in this thread, but I don't think Tor has been mentioned as an option to help with DDoS.

Excerpting from the Tor Abuse FAQ:
<http://www.torproject.org/faq-abuse.html.en>

----snip----
What about distributed denial of service attacks?

Distributed denial of service (DDoS) attacks typically rely on having a group of thousands of computers all sending floods of traffic to a victim. Since the goal is to overpower the bandwidth of the victim, they typically send UDP packets since those don't require handshakes or coordination. But because Tor only transports correctly formed TCP streams, not all IP packets, you cannot send UDP packets over Tor. (You can't do specialized forms of this attack like SYN flooding either.) So ordinary DDoS attacks are not possible over Tor. Tor also doesn't allow bandwidth amplification attacks against external sites: you need to send in a byte for every byte that the Tor network will send to your destination. So in general, attackers who control enough bandwidth to launch an effective DDoS attack can do it just fine without Tor.
----snip----

There are issues. Some infrastructure (authority directories, exit node routers) have publicly visible IP addresses. Not all apps will work over Tor (UDP, non-TCP). Tor's benefits cost additional technical/legal overhead for users and admins. Read the design papers (roadmaps, challenges) for more on those.


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PKI help, WALI
Next by Date:  Re: Firewall for Windows Server 2003, Shawn A. Corrello
Previous by Thread:  RE: Tactics for surviving heavy DDoS attack?, Mark Brunner
Next by Thread:  RE: Tactics for surviving heavy DDoS attack?, Kevin Ortloff
Indexes:  [Date] [Thread] [Top] [All Lists]