


Penetration Testing: Re: DDos within a pentest

Re: DDos within a pentest

From: Thierry Zoller <Thierry_at_sniff-em.com>
Date: Mon, 9 May 2005 21:12:38 +0200

Dear Julian Totzek,

Considering this :
JT> I don’t want to get a bandwidth overload, I just want
JT> to show that the server is not able to handle all the syn packets.

I don't understand this :
JT> We only have a 2Mbit line here in the office, so if I need to
JT> flood a 10Mbit line there will not be enough packets to do this,
JT> right?

If you send SYN packets to an open port with active services you won't
need a 2mbit line to DoS a 10mbit line, except of course you're into
traffic exhaustion which your first statement however negates.

JT> The third question is what will be the side effects if I send
JT> packets with spoofed sources?
If the spoofed sources exist they will be flooded with SYN+ACKS or FIN
packets from the host you attack. You might want to choose to spoof an
IP which isn't alive.

JT> As you all know I don't a answer to
JT> my packets, but would it be a DDos to all spoofed sources then?
Depends on how often you change the decoys (spoofed ingress addresses)

JT> How can you ensure that only the main target is getting flooded?
Test, test, test.

-- 
Thierry Zoller
mailto:Thierry_at_sniff-em.com
Received on May 09 2005