Security Basics mailing list archives

Re: DoS Attackers using only udp and icmp protocol?

From: krymson () gmail com
Date: 9 Feb 2007 20:15:50 -0000

TCP DoS attacks are quite common, especially SYN floods. Because systems listening on TCP for the 3-way handshake have 
a time-out while they wait for the completion of the handshake after a SYN is first received, you can exhaust resources 
on the system be flooding lots of SYNs and just not completing the handshake. You could even complete the handshake and 
flood that way as well.

I will throw an opinion out that might be wrong, but I feel TCP-related floods tend to be aimed at exhausting 
TCP-listening resources on a target. UDP and ICMP floods tend to also target saturation of the target's network 
bandwidth.


<- snip ->

I have monitored that some DoS attack which generates large bps(over 1Gbps) 
against my network.
and I can see that all dos related packets are udp and icmp not tcp.

In the point of view attacker, 
Is it impossible that generates lots of packets and large packets using tcp 
without 3 way handshake?

Current thread:

DoS Attackers using only udp and icmp protocol? Monty Ree (Feb 09)
- Re: DoS Attackers using only udp and icmp protocol? Ansgar -59cobalt- Wiechers (Feb 12)
- <Possible follow-ups>
- Re: DoS Attackers using only udp and icmp protocol? cuervo73 (Feb 12)
- Re: DoS Attackers using only udp and icmp protocol? krymson (Feb 12)
  - RE: DoS Attackers using only udp and icmp protocol? Lehman, Jim (Feb 12)