
New RDDOS Attack

Posted: Thu Aug 22, 2002 4:30 am
by ColdFusion
Heh, just reading about a new denial of service attack called "RDDOS".

For those of you who are unfamiliar with what a "DDOS" attack is, it is an attack directed at a specific host, from many computers sending as much data as possible to a host. Usually what happens is the amount of data being generated and sent to a host is more than the host can handle, therefore it can no longer accept any more "important" packets, and you have a denial of service.

Now a RDDOS attack is quite interesting. Every packet that you send has a header. And that header contains some info, including your IP address. This way, let's say when you send a request to yahoo.com, yahoo.com reads the header and sends the data back to the IP address in the header, and then you see the webpage. But! Windows XP (not sure about NT or 2k) allows you to send raw packets. Which means you can change the IP in the header. Now this can all be done by one user alone. What he does is send out requests to major fast websites, and spoof the IP address to the IP of his victim. Now that can hold them down for not too long, but long enough. Next what he does is he gets all his bots to do this. So you've got 400 bots sending a request to yahoo.com, microsoft.com ... etc. up to let's say 1000, and then repeating ... well, I'm sure you can hold down a website with that kinda data!

Interesting, eh! You can find more info at grc.com
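
From the victim's side, the reflection described in the post above shows up as replies to requests the victim never sent. The following is an added example, not part of the original post, of a check for that pattern; it assumes the spoofed "requests" are TCP SYNs (so the replies are SYN/ACKs), and the record layout and addresses are constructed for illustration.

```python
from collections import Counter

# Constructed sample packet records as seen at the victim's border:
# (direction, src_ip, src_port, dst_ip, dst_port, tcp_flags)
VICTIM = "203.0.113.10"
PACKETS = [
    ("out", VICTIM, 40001, "198.51.100.5", 80, "S"),     # real outbound request
    ("in", "198.51.100.5", 80, VICTIM, 40001, "SA"),     # its legitimate reply
    ("in", "198.51.100.7", 80, VICTIM, 51234, "SA"),     # reply to nothing we sent
    ("in", "198.51.100.8", 80, VICTIM, 51235, "SA"),
    ("in", "198.51.100.7", 80, VICTIM, 51236, "SA"),
    ("in", "198.51.100.9", 443, VICTIM, 51237, "SA"),
]

def unsolicited_synacks(packets):
    """Return inbound SYN/ACKs that answer no outbound SYN we recorded."""
    pending = set()   # (local_ip, local_port, remote_ip, remote_port) awaiting a reply
    unsolicited = []
    for direction, src, sport, dst, dport, flags in packets:
        if direction == "out" and flags == "S":
            pending.add((src, sport, dst, dport))
        elif direction == "in" and flags == "SA":
            key = (dst, dport, src, sport)
            if key in pending:
                pending.discard(key)       # matched handshake, consume it
            else:
                unsolicited.append((src, sport, dst, dport))
    return unsolicited

def reflection_report(packets, min_sources=3):
    """Summarise unsolicited SYN/ACKs per target; flag when many distinct servers reply."""
    per_victim = {}
    for src, _sport, dst, _dport in unsolicited_synacks(packets):
        per_victim.setdefault(dst, Counter())[src] += 1
    return {
        victim: {
            "packets": sum(srcs.values()),
            "reflectors": sorted(srcs),
            "suspected_reflection": len(srcs) >= min_sources,
        }
        for victim, srcs in per_victim.items()
    }

if __name__ == "__main__":
    print(reflection_report(PACKETS))
```

The `min_sources` threshold is a hypothetical tuning knob; a single stray SYN/ACK is normal background noise, while many distinct servers answering connections that were never opened is the signature worth alerting on.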

Posted: Thu Aug 22, 2002 9:54 pm
by ghost
Yeah, Steve's site is a good one. I remember when he got attacked.

Posted: Thu Aug 22, 2002 10:01 pm
by Juggernaut
ya XP deals with raw packets....so does Linux tho

Posted: Thu Aug 22, 2002 11:38 pm
by Bouncer
Oh no, we have the assurances of Microsoft and the reporter from The Register that not only can this not happen, but that Gibson just makes up everything.

:/

Scuse me while I go check for yet another MS security hole fix.

Regards,
-Bouncer-

Posted: Thu Aug 22, 2002 11:45 pm
by CiscoKid
I've always said "I wonder if..." then do a search only to discover my concerns were justified...