Firewall Wizards mailing list archives

Re: the expensive way to do DDoS ?


From: Robert Graham <robert_david_graham () yahoo com>
Date: Tue, 22 Feb 2000 10:03:58 -0800 (PST)

A $500 Celeron system can fill a 100-Mbps pipe pretty easily with 148,800 SYNs
per second (I've done it, on Windows no less). Host one each at AboveNet,
Exodus, Conexion, Pair, etc. I would say that you need less than 20.

However, hiding yourself at the POP can be tough. On one hand, they don't have
good security practices, so you can have fun spoofing neighbors' MAC addresses
and IP addresses. On the other hand, they tend to use SNMP-manageable switches.
They can quickly track down which port on which switch is sending out the
traffic and shut them off. (This is why my first thought on the DDoS was that
most of the traffic came from universities -- they are managed less well).

Robert Graham

--- Darren Reed <darrenr () reed wattle id au> wrote:
If you had money to burn, how many el-cheapo PCs would you need to install
at POPs around the world such that you had a virtual army out there that
was yours and from which you could send forged packets whenever you like?
(just how many ISPs are going to bother checking, eh?)  All you have to do
is muddy the path of who the ISP thinks owns those boxes and yourself in the
event that someone works out which boxes the packets are actually coming
from... would 1000 be enough?  (Are there even that many POPs? :)  Maybe
too expensive for a teenage hacker, but not the mafia, CIA, etc.


=====
Robert Graham  http://www.robertgraham.com/pubs