It depends on what the attacker is trying to deny access to, and how they
are trying to do it.
In the example of ICMP & UDP attacks, they are likely to be trying to flood routers and firewalls with packets, which will slow down or even stop legitimate TCP packets from flowing. When a router starts to get overloaded, TCP packets and connections are slowed down, which obviously affects your legit TCP traffic.
In the case of a TCP attack on port 80, they are likely to be trying to take down your web server.
Cheers,
Scott
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of MontyRee
Sent: Friday, 29 February 2008 1:52 PM
To: security-basics@securityfocus.com
Subject: Why bandwidth consuming ddos attack using only udp or icmp?
Hello, list.
I operate the network at my company, and recently I experienced some DDoS attacks (inbound) on my network.
It seems that the DDoS attack was divided in two.
First, the bandwidth-consuming attack consisted entirely of UDP or ICMP using
big packets (about 1500 bytes).
Second, the TCP-based attack, for example HTTP (80/tcp), mostly creates lots of
pps using small packets (about 40 bytes).
So, some network administrator said that he filtered all UDP and ICMP at the border router just against the bandwidth-consuming DDoS attack. (Surely some problems would happen... DNS, something like that.)
And I have one question.
Is it impossible or ineffective to use TCP for a bandwidth-consuming attack from
the attacker's point of view?
Has anyone seen a bandwidth-consuming attack using TCP?
Thanks in advance.
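
As an added example (not part of the original thread): a small Python sketch for the defender's side that separates the two patterns described in the question, large-packet floods that consume bandwidth and small-packet floods that drive up pps, by measured rate rather than by protocol name. The flow records, link capacity, forwarding budget and alert threshold are all constructed assumptions.

```python
from collections import defaultdict

WINDOW_SECONDS = 10            # length of the measurement window
LINK_BPS = 1_000_000_000       # assumed uplink capacity (1 Gbit/s)
DEVICE_PPS = 500_000           # assumed router/firewall forwarding budget
ALERT_FRACTION = 0.25          # assumed share of either budget that raises an alert

# Constructed sample flow summaries for one window:
# (protocol, destination port, packets, bytes)
SAMPLE_FLOWS = [
    ("udp", 53, 400_000, 600_000_000),    # ~1500-byte packets
    ("icmp", 0, 250_000, 375_000_000),    # ~1500-byte packets
    ("tcp", 80, 3_000_000, 120_000_000),  # ~40-byte packets
    ("tcp", 443, 20_000, 16_000_000),     # ordinary traffic
]

def summarize(flows, window=WINDOW_SECONDS):
    """Aggregate per (protocol, port) and derive bps, pps and mean packet size."""
    totals = defaultdict(lambda: [0, 0])
    for proto, port, packets, nbytes in flows:
        totals[(proto, port)][0] += packets
        totals[(proto, port)][1] += nbytes
    stats = {}
    for key, (packets, nbytes) in totals.items():
        stats[key] = {
            "bps": nbytes * 8 / window,
            "pps": packets / window,
            "avg_size": nbytes / packets if packets else 0.0,
        }
    return stats

def classify(stat, link_bps=LINK_BPS, device_pps=DEVICE_PPS,
             fraction=ALERT_FRACTION):
    """Label a traffic class by which budget it strains: link bits or device packets."""
    labels = []
    if stat["bps"] >= fraction * link_bps:
        labels.append("bandwidth")
    if stat["pps"] >= fraction * device_pps:
        labels.append("packet-rate")
    return "+".join(labels) or "normal"

def report(flows):
    """Map each (protocol, port) to its label for the window."""
    return {key: classify(stat) for key, stat in summarize(flows).items()}

if __name__ == "__main__":
    for (proto, port), label in report(SAMPLE_FLOWS).items():
        print(f"{proto}/{port}: {label}")
```

Measuring both budgets separately lets filtering target the traffic class that is actually straining the link or the device, instead of dropping a whole protocol at the border.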