It's a matter of degree/time/ resources. SYN Flood will probably kill your servers faster that it will fill your bandwidth, but long after your servers are consumed with half-open sessions, the attacker will still be sending the SYN Flood. After all, the source address on the SYN packets is spoofed, so the attacker will not be waiting for a response from your servers to send a new SYN...
the minimum size for a SYN is 40-bytes (IP and TCP headers) + link overhead. For Ethernet, you have a minimum 64-byte frame size. The default size for an ICMP ping is 64-bytes (IP+ICMP+data + Ethernet header). No difference in length. A Smurf can use "amplifying reflectors" to take up more bandwidth faster -- although a lot of people have fixed their networks so that doesn't work anymore. Each SYN packet has to be sent individually by the attacker (or the attacker's slaves). ==================== As you know, when I received smurf attack which is icmp based attack, the bandwidth is full. But when I receive syn flooding attack, the bandwidth is full or not? As my test, the syn and ayn+ack packet size is 0. So I think that the syn flooding attack has no relations with bandwith based attack? right? Thanks in advance. __________________________________________________________ Outgrown your current e-mail service? Get 25MB Storage, POP3 Access, Advanced Spam protection with LYCOS MAIL PLUS. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
