nanog mailing list archives
Re: GoDaddy : DDoS : : Contact
From: Mel Beckman <mel () beckman org>
Date: Mon, 3 Aug 2015 13:35:26 +0000
But SYN floods are easily detected and deflected by all modern firewalls. If a handshake doesn’t complete within a certain time interval, the SYN is discarded. Many DDOS attacks are full-fledged TCP sessions. The zombies are used to simulate legitimate users, and because they’re coming from thousands of legitimate IP addresses sending what looks like completely normal traffic (e.g. HTTP queries) they are difficult to distinguish from real clients systems. There are of course unicast DDOS attacks prosecuted over UDP or ICMP. The majority I’ve seen, however, are TCP. In any event, I think it’s not useful to misuse the term DDoS, and that it refers to any attack where the source addresses are distributed across the Internet, making them difficult to identify and therefore block. -mel
On Aug 3, 2015, at 6:00 AM, Stephen Satchell <list () satchell net> wrote: On 08/03/2015 05:40 AM, Mel Beckman wrote:What would be the point of spoofing the source IPs to be identical? You're just making the attack trivial to block. Plus you could never do any kind of TCP session attack, since you can't complete a handshake. I would have to call this sort of attack a LAAADDoS (Lame Attempt At A DDoS).:)Reflection attack as a secondary goal against the spoofed source IP? Primary goal would be a SYN flood of many servers.
Current thread:
- Re: GoDaddy : DDoS :: Contact, (continued)
- Re: GoDaddy : DDoS :: Contact Roland Dobbins (Aug 02)
- Re: GoDaddy : DDoS :: Contact Valdis . Kletnieks (Aug 02)
- Re: GoDaddy : DDoS :: Contact tqr2813d376cjozqap1l (Aug 02)
- Re: GoDaddy : DDoS :: Contact Dovid Bender (Aug 03)
- Re: GoDaddy : DDoS : : Contact John Levine (Aug 02)
- Re: GoDaddy : DDoS : : Contact Roland Dobbins (Aug 02)
- Re: GoDaddy : DDoS : : Contact Mel Beckman (Aug 03)
- Re: GoDaddy : DDoS : : Contact Roland Dobbins (Aug 03)
- Re: GoDaddy : DDoS : : Contact A . L . M . Buxey (Aug 03)
- Re: GoDaddy : DDoS : : Contact Stephen Satchell (Aug 03)
- Re: GoDaddy : DDoS : : Contact Mel Beckman (Aug 03)
- Re: GoDaddy : DDoS : : Contact Roland Dobbins (Aug 03)
- Re: GoDaddy : DDoS : : Contact Roland Dobbins (Aug 03)
- Re: GoDaddy : DDoS : : Contact Stephen Satchell (Aug 03)
- Re: GoDaddy : DDoS : : Contact Roland Dobbins (Aug 03)