Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DDos syn attack

  • From: Andrew Dorsett
  • Date: Mon Dec 30 13:16:59 2002

On Mon, 30 Dec 2002, Christopher L. Morrow wrote:

> wouldn't dns lookups be a bit time consuming and introduce a dos on the
> dos ?? if you had to look up each time you crafted a packet it'd take alot
> more effort to pound out 100kpps, no? Most of the flooders I've seen (I'm
> no programmer so I may be wrong on this) actually do a lookup to ip for
> the dest and just start making packets, never rechecking the name->ip
> mapping once its done the first time.

I remember a long time ago I wrote an app to reverse IP's and there
definately is a delay looking up addresses.  And you're right it would
kill performance of the attack if they looked up the addresses each time,
so they do cache the entries.  But lucky for us none of the coders have
thought to do lookups at regular intervals or better yet that with
threading they can use one thread for the attack and one thread to monitor
the DNS entry.

Andrew
---
<zerocool@netpath.net>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them yourself."






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.