Re: Client DDoS requests, ideas?

[Erin Carroll <amoeba () amoebazone com>]

On Mon, 14 Jul 2008, Jack C wrote:

> I can't tell from your message whether you take "smurf-like" to mean any
> type of amplification, or just that specific broadcast-address attack. If
> you aren't against amplification via third party machines, an other simple
> method is to spoof large DNS requests with the src-addr of the machine to be
> attacked. I wrote a script to do this a while ago if you need it.

Yes, I meant any kind of amplification. Though I would be interested in
seeing your script :)


> If your message is asking how to fill a pipe larger than yours WITHOUT using
> third party machines (AND you're going for a purely bandwidth-based attack),
> you may have to sacrifice your own pipe. Ie, you could make a ton of
> requests on a non-windowing protocol (so that you can make more requests
> without waiting for the results of the previous) and just hammer away at
> large requests (DNS again comes to mind). It'll trash your link, but as long
> as the bottle neck is on your end it should also take their down a few
> notches.

Sergio's suggestion of looking into Packetstorm was interesting. I'm
trying to recall the name of a company which touted an "anti-DDoS"
product which was essentially an Akamai-like service which grew your
available bandwidth on demand to help fight off DDoS attacks. This was
circa-2002 but I'm wondering if there are service providers avaiable
which offer load testing services that could be leveraged to simulate
DDoS for clients.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------