pointer to 500point question regarding webhost

Posted on 2006-05-24
Last Modified: 2010-03-19
Question by:dynamicrevolutions
    LVL 5

    Accepted Solution

    I don't think anyone is able to handle a DDoS or RDDoS attack if one is pointed at them. This is mainly because of the nature of such an attack.

    A little history on what a (today usually) RDDoS is. It stands for Reflective Distributed Denial of Services Attack. This works as follows.

    The internet is usually a huge web of routers and switches. Mainly the routers (tracert, see hops) are used to trigger such a denial of services attack. The one initialising this kind of attack usually has a farm of bots running on infected home machines that he can trigger to send a spoofed SYN packet to a list of routers. To do this he first selects a wide range of routers by performing various "tracert" and saving the IPs of the hops. Next he picks a target machine to attack (like your own).

    Then he sends a command to all the bots (usually from some IRC channel where all the bots log in) to start sending SYN packets to all these innocent routers with an altered Source IP header (which has been spoofed to match the IP of the target).

    Because all the routers are meant to transfer traffic from the internet, all the routers will reply to the SYN packet with a SYN/ACK packet to reply that connection is allowed. Only they will all send the packet back to your machine that didn't actually request a SYN (synchronise). Now because your connection is being flooded with SYN packets from random routers of the internet there is no bandwidth left to actually communicate over.

    One can solve this by blocking all the routers that are sending these SYN packets. But this will also mean you are actually blocking potential customers and real parts of the internet. If you did this successfully and they really want you as target, it's an easy job for the attacker to get a new list of routers and start over again.

    Because all that is happening is actually valid by the TCP/IP standard (handshaking), I don't know if there is actually anything one can do besides blocking and keep blocking these routers, which are only doing what they are supposed to do. So it remains a tough problem. Very time consuming and very valuable (traffic and engineering time). A host that can handle a DDoS? RDDoS? hrm.. think no one can, except block the sources and maybe write scripting to detect and prevent it by blocking. But still, even if your firewall blocks it, the line still gets consumed by invalid SYN/ACK packets, thus resulting in loss of connectivity...

    Regard, May
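
The answer above mentions scripting to detect the flood. As an added example (not part of the original post), this sketch flags inbound SYN/ACK packets that answer no SYN the host actually sent and raises an alert when several arrive close together. The addresses, packet records, window and threshold are all constructed assumptions.

```python
from collections import Counter

HOST = "203.0.113.10"  # constructed address of the flooded machine

# Constructed packet records: (time_s, src_ip, src_port, dst_ip, dst_port, flags)
PACKETS = [
    (0.00, HOST, 40001, "198.51.100.7", 443, "S"),    # SYN the host really sent
    (0.05, "198.51.100.7", 443, HOST, 40001, "SA"),   # its legitimate SYN/ACK
    (1.00, "192.0.2.1", 179, HOST, 51515, "SA"),      # replies to spoofed SYNs
    (1.10, "192.0.2.2", 179, HOST, 51516, "SA"),
    (1.20, "192.0.2.3", 23, HOST, 51517, "SA"),
    (1.30, "198.51.100.9", 80, HOST, 51518, "SA"),
]

def unsolicited_synacks(packets, host):
    """Return (time, source) for each SYN/ACK that answers no SYN sent by host."""
    sent = set()  # (local_port, remote_ip, remote_port); kept so retransmits match
    hits = []
    for ts, src, sport, dst, dport, flags in packets:
        if src == host and flags == "S":
            sent.add((sport, dst, dport))
        elif dst == host and flags == "SA" and (dport, src, sport) not in sent:
            hits.append((ts, src))
    return hits

def reflection_alert(packets, host, window=1.0, threshold=3):
    """Alert when `threshold` unsolicited SYN/ACKs arrive within `window` seconds."""
    hits = unsolicited_synacks(packets, host)
    times = sorted(ts for ts, _ in hits)
    alert = any(times[i + threshold - 1] - times[i] <= window
                for i in range(len(times) - threshold + 1))
    return alert, Counter(src for _, src in hits)

if __name__ == "__main__":
    alert, sources = reflection_alert(PACKETS, HOST)
    print("reflection flood suspected:", alert)
    for src, n in sources.most_common():
        print(f"  {src}: {n} unsolicited SYN/ACK")
```

The per-source counts identify the reflecting routers, which are the addresses the answer describes blocking.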
    LVL 5

    Expert Comment

    The supplied description is applicable to a one-node setup. Thus the setup most commonly used by SME / home customers...


    LVL 16

    Expert Comment

    No arguments there.  I just thought I'd mention how the really really big boys do it.

