
Originally Posted by captainviv
Sorry to bore all those not involved... but here is what I found.
DoS attacks are commonly launched from one or more points on the
Internet that are external to the victim’s own system or network. In many
cases, the launch point consists of one or more systems that have been
subverted by an intruder via a security-related compromise rather than
from the intruder’s own system or systems. As such, intrusion defense not
only helps to protect Internet assets and the mission they support, but it
also helps prevent the use of assets to attack other Internet-connected
networks and systems. Likewise, regardless of how well defended your
assets may be, your susceptibility to many types of attacks, particularly
DoS attacks, depends on the state of security on the rest of the global
Internet.
Defending against DoS attacks is far from an exact or complete science. Rate
limiting, packet filtering, and tweaking software parameters can, in some cases,
help limit the impact of DoS attacks, but usually only at points where the DoS
attack is consuming fewer resources than are available. In many cases, the only
defense is a reactive one where the source or sources of an ongoing attack are
identified and prevented from continuing the attack. The use of source IP
address spoofing during attacks and the advent of distributed attack methods
and tools have provided a constant challenge for those who must respond to
DoS attacks.
Early DoS attack technology involved simple tools that generated and sent
packets from a single source aimed at a single destination. Over time, tools have
evolved to execute single source attacks against multiple targets, multiple source
attacks against single targets, and multiple source attacks against multiple
targets.
Today, the most common DoS attack type reported to the CERT/CC involves
sending a large number of packets to a destination causing excessive amounts
of endpoint, and possibly transit, network bandwidth to be consumed. Such
attacks are commonly referred to as packet flooding attacks. Single source
against single target attacks are common, as are multiple source against single
target attacks. Based on reported activity, multiple target attacks are less
common.
The packet types used for packet flooding attacks have varied over time, but for
the most part, several common packet types are still used by many DoS attack
tools.
TCP floods – A stream of TCP packets with various flags set is sent to
the victim IP address. The SYN, ACK, and RST flags are commonly used.
ICMP echo request/reply (e.g., ping floods) – A stream of ICMP
packets is sent to a victim IP address.
UDP floods – A stream of UDP packets is sent to the victim IP address.
Because packet flooding attacks typically strive to deplete available processing
or bandwidth resources, the packet rate and volume of data associated with the
packet stream are important factors in determining the attack’s degree of
success. Some attack tools alter attributes of packets in the packet stream for a
number of different reasons.
Source IP address – In some cases, a false source IP address, a method
commonly called IP spoofing, is used to conceal the true source of a
packet stream. In other cases, IP spoofing is used when packet streams
are sent to one or more intermediate sites in order to cause responses to
be sent toward a victim. The latter example is common for packet
amplification attacks such as those based on IP directed broadcast
packets (e.g., “smurf” or “fraggle”).
Source/destination ports – TCP and UDP based packet flooding attack
tools sometimes alter source and/or destination port numbers to make
reacting with packet filtering by service more difficult.
Other IP header values – At the extreme, we have seen DoS attack tools
that are designed to randomize almost all IP header options for each packet
in the stream, leaving just the destination IP address consistent between
packets.
Packets with fabricated attributes are easily generated and delivered across the
network. The TCP/IP protocol suite (IPv4) does not readily provide mechanisms
to ensure the integrity of packet attributes when packets are generated or during
end-to-end transmission. Typically, an intruder need only have sufficient privilege
on a system to execute tools and attacks capable of fabricating and sending
packets with maliciously altered attributes.
So, yes, I will never be able to PROVE it was smarty or one of his sidekicks. And I also would not be wasting my time if this did not happen.
"The wheel turns slowly, but believe me, it does turn."
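Packet-flood triage along the lines the quoted CERT/CC text describes (flood type by protocol and TCP flags, one source versus many, randomized destination ports that defeat per-service filtering, and echo replies arriving from intermediaries in a smurf-style reflection), written here as an added Python example; it is not code from the original post or from the CERT/CC paper. The record format, the thresholds, the sample traffic and the names parse_line, triage and sample_packets are all assumptions made for illustration.

```python
"""Triage of packet-flood traffic over constructed packet records.

Added example; not code from the original post or from the CERT/CC paper the
post quotes. The record format, the per-destination thresholds and the sample
traffic below are assumptions made for illustration.
"""
import random
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumed record format: "ts src dst proto info sport dport", where info is the
# TCP flag letters (S, A, R, SA ...), the ICMP type (req/rep) or "-" for UDP.
@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    dst: str
    proto: str
    info: str
    sport: int
    dport: int

def parse_line(line: str) -> Packet:
    ts, src, dst, proto, info, sport, dport = line.split()
    return Packet(float(ts), src, dst, proto.lower(), info, int(sport), int(dport))

TCP_KIND = {"S": "syn", "A": "ack", "R": "rst", "SA": "syn-ack"}

def triage(packets, pps_threshold=100, many_sources=50):
    """Group packets by destination and describe any flood above pps_threshold."""
    by_dst = defaultdict(list)
    for p in packets:
        by_dst[p.dst].append(p)
    findings = {}
    for dst, pkts in by_dst.items():
        span = max(p.ts for p in pkts) - min(p.ts for p in pkts)
        pps = len(pkts) / max(span, 1.0)   # packets per second over the capture
        if pps < pps_threshold:
            continue
        proto = Counter(p.proto for p in pkts).most_common(1)[0][0]
        info = Counter(p.info for p in pkts if p.proto == proto).most_common(1)[0][0]
        if proto == "tcp":
            kind = "tcp-%s-flood" % TCP_KIND.get(info, info.lower())
        elif proto == "icmp":
            kind = "icmp-echo-%s-flood" % ("reply" if info == "rep" else "request")
        else:
            kind = "udp-flood"
        srcs = {p.src for p in pkts}
        dports = {p.dport for p in pkts}
        # Headers alone cannot tell spoofed sources from a real botnet, so the
        # report says "many sources" rather than "spoofed".
        distributed = len(srcs) >= many_sources
        ports_random = len(dports) > 1 and len(dports) / len(pkts) > 0.5
        reflected = kind == "icmp-echo-reply-flood" and distributed
        if reflected:
            hint = ("echo replies from many hosts: reflected/amplified; the sources "
                    "are intermediaries, not the attacker")
        elif len(srcs) == 1:
            hint = "single source %s: filter it at the edge or upstream" % next(iter(srcs))
        elif ports_random:
            hint = ("many sources and randomized ports: per-service filtering will not "
                    "help; rate-limit %s upstream" % proto)
        else:
            hint = "many sources on one port: rate-limit %s to port %d upstream" % (
                proto, next(iter(dports)))
        findings[dst] = {"kind": kind, "pps": round(pps), "sources": len(srcs),
                         "many_sources": distributed, "ports_randomized": ports_random,
                         "reflected": reflected, "hint": hint}
    return findings

def sample_packets():
    """Constructed traffic: a SYN flood, a spoofed UDP flood, a reflected ICMP flood, benign traffic."""
    rng = random.Random(7)
    lines = []
    for i in range(400):   # single-source SYN flood on 10.0.0.5:80
        lines.append("%.4f 198.51.100.7 10.0.0.5 tcp S %d 80" % (i * 0.0025, 40000 + i))
    for i in range(300):   # UDP flood with random sources and random destination ports
        src = ".".join(str(rng.randrange(256)) for _ in range(4))
        lines.append("%.4f %s 10.0.0.6 udp - %d %d" % (
            i * 0.002, src, rng.randrange(1024, 65536), rng.randrange(1024, 65536)))
    for i in range(200):   # ICMP echo replies from 60 intermediaries (smurf-style reflection)
        lines.append("%.4f 203.0.113.%d 10.0.0.8 icmp rep 0 0" % (i * 0.004, i % 60))
    for i in range(5):     # benign web traffic, well under the threshold
        lines.append("%d 192.0.2.10 10.0.0.7 tcp SA 443 %d" % (i, 51000 + i))
    return [parse_line(l) for l in lines]

if __name__ == "__main__":
    for dst, f in sorted(triage(sample_packets()).items()):
        print(dst, f)
```

The hint strings are where the text's point lands: a single-source flood can be filtered by address, a fixed-port flood from many sources can be rate-limited by service, but once the tool randomizes ports there is nothing left to filter on except the protocol and the destination, which is why the quoted text calls the defence reactive.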