Security Basics mailing list archives

RE: Why bandwidth consuming ddos attack using only udp or icmp?


From: "Scott" <whip () supportmenot com>
Date: Sat, 1 Mar 2008 10:44:51 +1100

It depends on what the attacker is trying to deny access to, and how they
are trying to do it.

In the example of ICMP & UDP attacks, they are likely to be trying to flood
routers and firewalls with packets, which will slow down or even stop
legitimate TCP packets from flowing. When a router starts to get
overloaded, TCP packets and connections are slowed down, which obviously
affects your legit TCP traffic.

In the case of a TCP attack on port 80, they are likely to be trying to
take down your web server. 


Cheers,
Scott


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of MontyRee
Sent: Friday, 29 February 2008 1:52 PM
To: security-basics () securityfocus com
Subject: Why bandwidth consuming ddos attack using only udp or icmp?



Hello, list.

I operate the network at my company, and recently I experienced
a DDoS attack (inbound) on my network.

It seems that the DDoS attack was divided into two parts:

First, the bandwidth-consuming attack consisted entirely of UDP or ICMP
using large packets (about 1500 bytes).
Second, the TCP-based attack, for example HTTP (80/tcp), mostly creates lots
of pps using small packets (about 40 bytes).

So, a network administrator said that he filtered all UDP and ICMP
at the border router just to counter the bandwidth-consuming DDoS attack.
(Surely some problems would happen... DNS... something like that.)

And I have one question.

Is it impossible or ineffective to use TCP for a bandwidth-consuming attack,
from the attacker's point of view?
Has anyone seen a bandwidth-consuming attack using TCP?


Thanks in advance.
