Re: Flood Attack

[J Edgar Hoover <zorch () RIGHTEOUS NET>]

On Mon, 28 Aug 2000, J. Oquendo wrote:

> My view on writing this was; If I sent neighborDEE bad data as
> neighborDUMB, somewhere down the line neighborDUMB is either going to
>
> a) crash using up uneccessary resources (imagine this attack distributed)
> b) lag to death and if logging was enabled... choke
> c) ignore neighborDEE (killing the neighbor connection)
> d) e-mail me a reply back with a relevant RFC showing me why this attack
> wouldn't work.

There is no RFC on flooding. IRC seems to be the definitive reference ;]

Floods are generally effective for one of two reasons, they consume
bandwidth, or they consume resources on the target.

Daemonic at first seems to be a simple flooder which is only effective if
you have a wide pipe to your target. Each packet simply doesn't consume
much of the target's resources, so you need a huge volume of packets.

One weakness in many routers is that multicast uses much more cpu than
normal unicast traffic. Using a multicast source address with Daemonic has
had surprising effects with very low flood rates.