Let's hear from the pros

Discussion in 'Computer Security' started by sponge, Jan 16, 2004.

  1. sponge

    sponge Guest

    DoS attacks are very difficult to trace, because they are almost
    always bounced off another system or use forged IPs. In an
    old-fashioned SYN flood attack, for example, an attacker sends lots of
    TCP SYN packets to a target, attempting to open connections and starve
    the target of memory, bandwidth, or CPU cycles. But the attacker will
    forge the source IP, usually of a non-existent address or addresses.
    So, the target sends a TCP ACK back to the phony addresses, and never
    receives a reply, but it still holds the connection open expecting a
    completion eventually, usually for 60 seconds. If enough SYN packets
    are sent, the target's connection queue is used up and no more new
    connections can be made. In some cases, the target may run out of
    memory or run out of CPU cycles and crash. If the target is on a
    relatively slow connection compared to the attacker(s), the connection
    may simply become saturated.

    The following is one of the better sources on DoS, even though there
    are some important ones it doesn't talk about, like IGMP and malformed
    header attacks:
    http://www.riverheadnetworks.com/re/known_ddos_tools.html

    These have some good info too:
    http://www.csm.ornl.gov/~dunigan/oci/bktrk.html
    http://www.securityfocus.com/infocus/1729
    http://www.insecure.org

    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 et yahoo dot com
     
    sponge, Jan 16, 2004
    #1
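The half-open queue behaviour the post describes can be modelled without touching a network. This is an added example, not code from the post or its author: a toy backlog with the post's 60-second hold time and an assumed capacity of 128 entries, replayed over a constructed trace (TEST-NET addresses) in which 200 SYNs from forged sources are never completed, so a legitimate client is refused until the stale entries time out.

```python
from collections import OrderedDict

HALF_OPEN_TIMEOUT = 60.0  # seconds a half-open entry is kept (the post's "usually 60 seconds")
BACKLOG_SIZE = 128        # assumed capacity of the listener's half-open queue


class SynBacklog:
    """Model of a listener's half-open (SYN received, not yet completed) queue."""

    def __init__(self, capacity=BACKLOG_SIZE, timeout=HALF_OPEN_TIMEOUT):
        self.capacity, self.timeout = capacity, timeout
        self.pending = OrderedDict()  # (src_ip, src_port) -> arrival time of the SYN
        self.dropped = 0              # SYNs refused because the queue was full
        self.established = 0          # handshakes that actually completed

    def expire(self, now):
        # Reap entries whose 60 s timer ran out, oldest first; forged sources never answer.
        while self.pending:
            key, arrived = next(iter(self.pending.items()))
            if now - arrived < self.timeout:
                break
            self.pending.popitem(last=False)

    def on_syn(self, now, src):
        self.expire(now)
        if src in self.pending:          # retransmitted SYN, already queued
            return True
        if len(self.pending) >= self.capacity:
            self.dropped += 1            # queue exhausted: new connection refused
            return False
        self.pending[src] = now
        return True

    def on_ack(self, now, src):
        # Final handshake packet: completes a queued entry (never arrives for forged sources).
        self.expire(now)
        if self.pending.pop(src, None) is None:
            return False
        self.established += 1
        return True


def replay(events, capacity=BACKLOG_SIZE):
    """events: time-ordered (t, 'SYN'|'ACK', (ip, port)). Returns a summary of the queue."""
    b = SynBacklog(capacity)
    for t, kind, src in events:
        (b.on_syn if kind == "SYN" else b.on_ack)(t, src)
    return {"pending": len(b.pending), "dropped": b.dropped, "established": b.established}


def make_trace():
    # Constructed trace: 200 unanswered SYNs in 20 s, then a real client at t=25 s and again at t=85 s.
    ev = [(i * 0.1, "SYN", (f"198.51.100.{i % 250}", 40000 + i)) for i in range(200)]
    ev += [(25.0, "SYN", ("192.0.2.7", 51000)), (25.05, "ACK", ("192.0.2.7", 51000))]
    ev += [(85.0, "SYN", ("192.0.2.7", 51001)), (85.05, "ACK", ("192.0.2.7", 51001))]
    return ev
```

With the default capacity the client's first attempt at t=25 s is among the dropped SYNs; raising the capacity above the flood's size lets both of its handshakes complete, which is why the queue depth and hold time together decide how much forged traffic a listener absorbs.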