Security Basics mailing list archives
RE: Why bandwidth consuming ddos attack using only udp or icmp?
From: "Scott" <whip () supportmenot com>
Date: Sat, 1 Mar 2008 10:44:51 +1100
It depends on what the attacker is trying to deny access to, and how they are trying to do it.

In the example of ICMP & UDP attacks, they are likely to be trying to flood routers and firewalls with packets, which will slow down or even stop legitimate TCP packets from flowing. When a router starts to get overloaded, TCP packets and connections are slowed down, which obviously affects your legit TCP traffic.

In the case of a TCP attack on port 80, they are likely to be trying to take down your web server.

Cheers,
Scott

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of MontyRee
Sent: Friday, 29 February 2008 1:52 PM
To: security-basics () securityfocus com
Subject: Why bandwidth consuming ddos attack using only udp or icmp?

Hello, list.

I have operated a network in my company and recently I have experienced some DDoS attacks (inbound) on my network.

It seems that the DDoS attack was divided in two:

First, the bandwidth-consuming attack consisted entirely of UDP or ICMP using big packets (about 1500 bytes).

Second, the TCP-based attack, for example HTTP (80/tcp), mostly creates lots of pps using small packets (about 40 bytes).

So, some network administrator said that he filtered all UDP and ICMP at the border router just against the bandwidth-consuming DDoS attack. (Surely some problems would happen... DNS... something like that.)

And I have one question. Is it impossible or ineffective to use TCP for a bandwidth-consuming attack, from the attacker's point of view? Has anyone seen a bandwidth-consuming attack using TCP?

Thanks in advance.
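The distinction drawn in this thread between bandwidth-consuming traffic (large UDP/ICMP packets) and packet-rate traffic (small TCP packets) can be checked from a defender's interface or flow counters. The following is an added example, not part of the original messages: the flow records are constructed, and the link capacity, router forwarding capacity and 25% threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed 1-second flow summaries: (protocol, dst_port, packets, bytes).
# Packet sizes mirror the thread: ~1500-byte UDP/ICMP, ~40-byte TCP to port 80.
SAMPLE_FLOWS = [
    ("udp", 53, 30000, 30000 * 1500),
    ("icmp", 0, 25000, 25000 * 1500),
    ("tcp", 80, 400000, 400000 * 40),
    ("tcp", 443, 2000, 2000 * 600),
]

LINK_BPS = 1_000_000_000  # assumption: 1 Gbit/s uplink
ROUTER_PPS = 500_000      # assumption: border router forwarding capacity


def summarize(flows, interval_s=1.0):
    """Aggregate packets and bytes per protocol into pps, bps and mean size."""
    totals = defaultdict(lambda: [0, 0])
    for proto, _port, pkts, nbytes in flows:
        totals[proto][0] += pkts
        totals[proto][1] += nbytes
    stats = {}
    for proto, (pkts, nbytes) in totals.items():
        stats[proto] = {
            "pps": pkts / interval_s,
            "bps": nbytes * 8 / interval_s,
            "avg_size": nbytes / pkts if pkts else 0.0,
        }
    return stats


def classify(stats, link_bps=LINK_BPS, router_pps=ROUTER_PPS, share=0.25):
    """Label each protocol by the resource it loads most: link or packet rate."""
    labels = {}
    for proto, s in stats.items():
        link_load = s["bps"] / link_bps    # fraction of uplink bandwidth used
        pps_load = s["pps"] / router_pps   # fraction of forwarding capacity used
        if link_load >= share and link_load >= pps_load:
            labels[proto] = "bandwidth"
        elif pps_load >= share:
            labels[proto] = "packet-rate"
        else:
            labels[proto] = "normal"
    return labels


if __name__ == "__main__":
    per_proto = summarize(SAMPLE_FLOWS)
    for proto, label in classify(per_proto).items():
        print(proto, label, per_proto[proto])
```

With these constructed numbers the TCP traffic uses under 14% of the link but about 80% of the router's packet budget, which is why per-protocol bps alone would miss it.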