Security Basics mailing list archives
Re: DoS Attackers using only udp and icmp protocol?
From: krymson () gmail com
Date: 9 Feb 2007 20:15:50 -0000
TCP DoS attacks are quite common, especially SYN floods. Because systems listening on TCP for the 3-way handshake have a time-out while they wait for the completion of the handshake after a SYN is first received, you can exhaust resources on the system be flooding lots of SYNs and just not completing the handshake. You could even complete the handshake and flood that way as well. I will throw an opinion out that might be wrong, but I feel TCP-related floods tend to be aimed at exhausting TCP-listening resources on a target. UDP and ICMP floods tend to also target saturation of the target's network bandwidth. <- snip -> I have monitored that some DoS attack which generates large bps(over 1Gbps) against my network. and I can see that all dos related packets are udp and icmp not tcp. In the point of view attacker, Is it impossible that generates lots of packets and large packets using tcp without 3 way handshake?
Current thread:
- DoS Attackers using only udp and icmp protocol? Monty Ree (Feb 09)
- Re: DoS Attackers using only udp and icmp protocol? Ansgar -59cobalt- Wiechers (Feb 12)
- <Possible follow-ups>
- Re: DoS Attackers using only udp and icmp protocol? cuervo73 (Feb 12)
- Re: DoS Attackers using only udp and icmp protocol? krymson (Feb 12)
- RE: DoS Attackers using only udp and icmp protocol? Lehman, Jim (Feb 12)