North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: DDos syn attack
On Mon, 30 Dec 2002, Christopher L. Morrow wrote: > wouldn't dns lookups be a bit time consuming and introduce a dos on the > dos ?? if you had to look up each time you crafted a packet it'd take alot > more effort to pound out 100kpps, no? Most of the flooders I've seen (I'm > no programmer so I may be wrong on this) actually do a lookup to ip for > the dest and just start making packets, never rechecking the name->ip > mapping once its done the first time. I remember a long time ago I wrote an app to reverse IP's and there definately is a delay looking up addresses. And you're right it would kill performance of the attack if they looked up the addresses each time, so they do cache the entries. But lucky for us none of the coders have thought to do lookups at regular intervals or better yet that with threading they can use one thread for the attack and one thread to monitor the DNS entry. Andrew --- <[email protected]> http://www.andrewsworld.net/ ICQ: 2895251 Cisco Certified Network Associate "Learn from the mistakes of others. You won't live long enough to make all of them yourself."