From: Thierry Zoller (Thierry@sniff-em.com)
Date: Mon May 09 2005 - 15:12:38 EDT
Dear Julian Totzek,
Considering this :
JT> I don’t want to get a bandwidth overload, I just want
JT> to show that the server is not able to handle all the syn packets.
I don't understand this :
JT> We only have a 2Mbit line here in the office, so if I need to
JT> flood a 10Mbit line there will not be enough packets to do this,
JT> right?
If you send SYN packets to an open port with active services you won't
need a 2mbit line to DoS a 10mbit line, except of course your into
traffic exhaustion which your first statement however negates.
JT> The third question is what will be the side effects if I send
JT> packets with spoofed sources?
If the spoofed sources exist they will be flooded with SYN+ACKS or FIN
packets from the host you attack. You might one to choose to spoof an
IP which isn't alive.
JT> As you all know I don't a answer to
JT> my packets, but would it be a DDos to all spoofed sources then?
Depends on how often you change the decoys (spoofed ingress addresses)
JT> How can you ensure that only the main target is getting flooded?
Testen testen testen.
-- Thierry Zoller mailto:Thierry@sniff-em.com
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:20 EDT