mailing list archives
Re: DoS Attackers using only udp and icmp protocol?
From: krymson () gmail com
Date: 9 Feb 2007 20:15:50 -0000
TCP DoS attacks are quite common, especially SYN floods. Because systems listening on TCP for the 3-way handshake have
a time-out while they wait for the completion of the handshake after a SYN is first received, you can exhaust resources
on the system be flooding lots of SYNs and just not completing the handshake. You could even complete the handshake and
flood that way as well.
I will throw an opinion out that might be wrong, but I feel TCP-related floods tend to be aimed at exhausting
TCP-listening resources on a target. UDP and ICMP floods tend to also target saturation of the target's network
<- snip ->
I have monitored that some DoS attack which generates large bps(over 1Gbps)
against my network.
and I can see that all dos related packets are udp and icmp not tcp.
In the point of view attacker,
Is it impossible that generates lots of packets and large packets using tcp
without 3 way handshake?