Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

From: Jann Horn <jann () thejh net>
Date: Sun, 18 Aug 2013 10:04:58 +0200
On Sat, Aug 17, 2013 at 07:50:34PM -0400, Valdis.Kletnieks () vt edu wrote:

On Sat, 17 Aug 2013 13:39:16 +0200, Jann Horn said:


And yes, you're right, a DoS attack can be unsuccessful. My point was that
this small amount of traffic shouldn't be called a DDoS because there's no
way that the intention behind this amount of traffic was to take down that
service with pure bandwidth.


How quickly they forget....

Not all DDoS are pure bandwidth based.  Consider SYN flooding, where the
packets sent are relatively small and often not even all that frequent, but can
tie up large amounts of resources on the target machine. This sort of attack
works particularly well against sites that have a big blind spot because they
think that all DDoS attacks are massive bandwidth hosedowns.


So, why would an attacker use a distributed attack for that? Wouldn't
one machine with good connectivity be sufficient (assuming that you spoof the
source address differently each time)?



How many connections/sec does it take to forkbomb your Apache server into
uselessness?  And if you rate limit your Apache so your system doesn't
forkbomb, how many does it take to prevent legitimate traffice from being
serviced?


Right, that would be much harder to block if it was distributed.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: