> I can't tell from your message whether you take "smurf-like" to mean any
> type of amplification, or just that specific broadcast-address attack. If
> you aren't against amplification via third party machines, an other simple
> method is to spoof large DNS requests with the src-addr of the machine to be
> attacked. I wrote a script to do this a while ago if you need it.
Yes, I meant any kind of amplification. Though I would be interested in
seeing your script :)
> If your message is asking how to fill a pipe larger than yours WITHOUT using
> third party machines (AND you're going for a purely bandwidth-based attack),
> you may have to sacrifice your own pipe. Ie, you could make a ton of
> requests on a non-windowing protocol (so that you can make more requests
> without waiting for the results of the previous) and just hammer away at
> large requests (DNS again comes to mind). It'll trash your link, but as long
> as the bottle neck is on your end it should also take their down a few
> notches.
Sergio's suggestion of looking into Packetstorm was interesting. I'm
trying to recall the name of a company which touted an "anti-DDoS"
product which was essentially an Akamai-like service which grew your
available bandwidth on demand to help fight off DDoS attacks. This was
circa-2002 but I'm wondering if there are service providers avaiable
which offer load testing services that could be leveraged to simulate
DDoS for clients.
> I can't tell from your message whether you take "smurf-like" to mean any
> type of amplification, or just that specific broadcast-address attack. If
> you aren't against amplification via third party machines, an other simple
> method is to spoof large DNS requests with the src-addr of the machine to be
> attacked. I wrote a script to do this a while ago if you need it.
Yes, I meant any kind of amplification. Though I would be interested in
seeing your script :)
> If your message is asking how to fill a pipe larger than yours WITHOUT using
> third party machines (AND you're going for a purely bandwidth-based attack),
> you may have to sacrifice your own pipe. Ie, you could make a ton of
> requests on a non-windowing protocol (so that you can make more requests
> without waiting for the results of the previous) and just hammer away at
> large requests (DNS again comes to mind). It'll trash your link, but as long
> as the bottle neck is on your end it should also take their down a few
> notches.
Sergio's suggestion of looking into Packetstorm was interesting. I'm
trying to recall the name of a company which touted an "anti-DDoS"
product which was essentially an Akamai-like service which grew your
available bandwidth on demand to help fight off DDoS attacks. This was
circa-2002 but I'm wondering if there are service providers avaiable
which offer load testing services that could be leveraged to simulate
DDoS for clients.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
[ reply ]