On Thu, 24 Oct 2002 17:30:18 -0500 "David A. Bandel" <[EMAIL PROTECTED]> wrote:
True, but simple or not, it would have given much more of a fighting chance. I'm pretty sure that the DNS systems go toes-up a whole lot quicker than the pipe would get filled.

I'm just surprised that the DDOS was staged using ICMP at all. If you're going to attack the root DNS servers, wouldn't it be more logical to generate queries to UDP/53? That would be a lot more difficult to block. DDOS-ing a server IP stack is still tons easier than filling a pipe to NASA, the government, or any of the other root-server maintainers. A server process would be a lot easier still.

> Not quite that simple.
>
> Just because you are dropping ICMP packets doesn't mean your pipe's not
> full. True, they'd have to send twice as many packets to get the same
> effect, or double the packet size, which is simple (since your system
> isn't acting as its own worst enemy by generating more packets). Your
> system also is processing those packets (dropping them). So would have
> to be an upstream router (several actually) dropping those incoming ICMP
> packets for this to work.
