[prev in list] [next in list] [prev in thread] [next in thread]
List: intrusions
Subject: Re: DRDoS
From: "Patrick Nolan" <pnolan01 () nycap ! rr ! com>
Date: 2002-03-28 18:20:42
[Download RAW message or body]
Hi Tom,
The original post Gibson did a while back, which had a copy of his chat with a \
"zombie master" who knew the kid that hosed grc off-line, discussed what was then \
called a DDos on grc.com. It was a nice write up back then. That's what I thought I \
was providing a link for ......
It's seems to have now become his "reflected" DoS and I wish I never mentioned it \
recently, for all the reasons you so rightly enumerate.
Pat
----- Original Message -----
From: "Tom Liston" <tliston@premmag.com>
To: <intrusions@incidents.org>
Sent: Thursday, March 28, 2002 1:01 PM
Subject: DRDoS
> Aw heck... I haven't said anything controversial for a while...
>
> Is it just me, or does anyone else think this DRDoS thing is a
> bunch of hooey?
>
> I've looked over this "attack" a number of times and I just don't get
> it...
>
> http://grc.com/dos/drdos.htm
>
> WHY BOTHER DOING THIS? The "bang for your buck" in this is
> all wrong... The packets that you generate in this manner aren't
> right for the type of attack you're trying to achieve. When you're
> doing a DoS, you want *BIG* packets, or at least a steady stream
> of packets of moderate size, and yet this attack will generate only
> small RST or SYN/ACKs. The "amplification" effect to this is
> minimal (nonexistent if the target responds to an inbound with a
> RST), and it requires that you spoof your source IP. Well, if I can
> spoof my source IP, WHY NOT SEND THE PACKETS DIRECTLY?
>
> Gibson's "diffusion" argument just doesn't hold water... hasn't he
> ever heard of a source routed packet? (Besides, the true choke
> points in his "diffuse" path are still there... source, destination...)
>
> I've heard too many references to this "attack" on this list, and for
> the life of me, I just don't see this as being valid. Can some of the
> rest of you please read through the description and see if you think
> that this actually is "real" or if Gibson is off chasing ghosts...
>
> -TL
>
> Tom Liston, GSEC
> Network Administrator
> Prem Magnetics, Inc.
> tliston@premmag.com
> tliston@hackbusters.net
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic