[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


pointer to 500point question regarding webhost

Posted on 2006-05-24
Medium Priority
Last Modified: 2010-03-19
Question by:dynamicrevolutions
  • 2

Accepted Solution

dutchclan earned 0 total points
ID: 16751674
I dont think anyone is able to handle a DDoS or RDDoS attack if one is pointed at them. This is mainly because of the nature of such an attack.

A little history on what a (today usually) RDDoS is. It stands for Reflective Distributed Denail of Services Attack. This works as followed.

The internet is usually a huge web of routers and switches. Mainly the routers (tracert www.google.com see hobs) are used to trigger such an denail of services attack. The one initialising this kind of attack usually has a farm of bots running on infected home machines that he can trigger to send a spoofed SYN packet to a list of routers. To do this he first selects a wide range of routers by performing various "tracert" and saving the IP`s of the hobs. Next he picks a target machine to attack (like your own).

Then he sends a command to all the bots (usually from some IRC channel where all the bots log in) to start sending SYN packets to all these innocent routers with an altered Source IP header (wich is been spoofed to match the IP of the target).

Because all the routers are ment to transfer traffic from the internet all the routers will reply to the SYN packet with a SYN/ACK packet to reply that connection is allowed. Only they will all send the packet back to your machine that didnt actually request a SYN (synchronise). Now because your connection is being flooded with SYN packets from random routers of the internet there is no bandwith left to actually communicate over.

One can solve this by blocking all the routers that are sending these SYN packets. But this will also mean you are actually blocking potential customers and real parts of the internet. If you did this succesfully and they realy want you as target its a easy job for the attacker to get a new list of routers and start over again.

because all that is happening is actually valid by the TCP/IP standard (handshacking) i dont know if there is actually one can do next to blocking and keep blocking these routers wich are only doing what they supposed to do. So it remains a tough problem. Verry time consuming and very valuable (traffic and engineering time). A host that can handle a DDoS? RDDoS? hrm.. think noone can, except block the sources and maybe write scripting to detect and prevent it by blocking. But still even if your firewall blocks it the line still gets consumed by invalid SYN/ACK packets thus resulting in loss of connectivity...

Regard, May

Expert Comment

ID: 16761679
the supplied description is applicable to a one node setup. Thus the setup most commonly used by MKB / home customers...


LVL 16

Expert Comment

ID: 16764060
No arguments there.  I just thought I'd mention how the really really big boys do it.


Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question