This is a sub-selection from Open can of worms


vpoko
Premium
join:2003-07-03
Boston, MA
reply to tubbynet

Re: Open can of worms

said by tubbynet:

said by jjoshua:

I was thinking about ICMP flood.
what about tcp syn flooding? crafted sql, rpc, etc. attacks? a botnet isn't just icmp flooding. that is one fraction of *all* botnet attacks that are out there.
Not to mention, how do you decide what's a ping flood? Repeated pings become a DoS attack when the bandwidth of the target is less than the aggregate bandwidth of the source(s) of the attack. I've had occasion to need to run continuous pings on known endpoints (say, Google) while testing for intermittent connection issues. Even though I may have sent thousands of ICMP packets in a short time, it was not an attack.

Ping floods are generally only effective when they're distributed, and if they're distributed then you can't tell just by looking at a single source whether it's an attack.

jjoshua, I suggest you hit the books and learn about networking instead of trying to debate something you don't know much about.
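Added example, not part of the post above: a Python sketch of the point about single sources versus aggregate bandwidth, comparing a per-source packet-rate rule with a per-destination rule that sums ICMP traffic against the target's link capacity. The flow records, addresses, thresholds and link capacities are all constructed assumptions.

```python
from collections import defaultdict

WINDOW_S = 60  # length of the observation window, in seconds

def per_source_flags(flows, pps_limit):
    """Naive rule: flag any single source whose echo rate exceeds pps_limit."""
    return {src for src, dst, pkts, nbytes in flows if pkts / WINDOW_S > pps_limit}

def saturated_targets(flows, capacity_bps, ratio=0.8):
    """Aggregate rule: flag a destination when the summed ICMP rate from all
    sources reaches `ratio` of that destination's link capacity."""
    bits = defaultdict(int)
    sources = defaultdict(set)
    for src, dst, pkts, nbytes in flows:
        bits[dst] += nbytes * 8
        sources[dst].add(src)
    flagged = {}
    for dst, total in bits.items():
        bps = total / WINDOW_S
        cap = capacity_bps.get(dst)
        if cap and bps >= ratio * cap:
            flagged[dst] = (round(bps), len(sources[dst]))
    return flagged

def build_sample():
    """Constructed flow records: (source, destination, packets, bytes)."""
    # One admin host running a fast diagnostic ping against a well-connected
    # endpoint: 50 pkt/s of 84-byte packets for 60 s = 3000 packets.
    flows = [("192.0.2.10", "198.51.100.1", 3000, 3000 * 84)]
    # 500 distributed sources, each sending only 20 pkt/s of 1028-byte packets.
    for i in range(500):
        src = f"10.{i // 250}.{i % 250}.7"
        flows.append((src, "203.0.113.5", 1200, 1200 * 1028))
    return flows

# Assumed link capacities in bits per second (constructed values).
CAPACITY = {"198.51.100.1": 1_000_000_000, "203.0.113.5": 50_000_000}

if __name__ == "__main__":
    flows = build_sample()
    print("per-source rule flags:", per_source_flags(flows, pps_limit=30))
    print("aggregate rule flags: ", saturated_targets(flows, CAPACITY))
```

On this sample the per-source rule flags only the diagnostic host and none of the 500 distributed sources, while the aggregate rule flags only the destination whose 50 Mbit/s link is receiving about 82 Mbit/s of ICMP.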


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
said by vpoko:

Ping floods are generally only effective when they're distributed, and if they're distributed then you can't tell just by looking at a single source whether it's an attack.
yes. this is true. however, ping attacks are generally considered "old school". they still occur, but there are much better icmp attacks that affect the route processor much more effectively. these attacks not only cause the processor utilization to spike, but will effectively break control-plane processing, (a) limiting the access that a network operations center has to the device and (b) breaking the control plane of the router such that igp and bgp sessions could be broken and may have to wait in queue until the processor can process the neighbor adjacency packets again.

of course -- this whole argument has been network centric. different issues apply when dealing with end-host protection of servers and applications clusters.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."