DDos syn attack

Andrew Dorsett zerocool at netpath.net
Mon Dec 30 18:14:38 UTC 2002


On Mon, 30 Dec 2002, Christopher L. Morrow wrote:

> wouldn't dns lookups be a bit time consuming and introduce a dos on the
> dos ?? if you had to look up each time you crafted a packet it'd take a lot
> more effort to pound out 100kpps, no? Most of the flooders I've seen (I'm
> no programmer so I may be wrong on this) actually do a lookup to ip for
> the dest and just start making packets, never rechecking the name->ip
> mapping once it's done the first time.

I remember a long time ago I wrote an app to reverse IPs and there
definitely is a delay looking up addresses.  And you're right it would
kill performance of the attack if they looked up the addresses each time,
so they do cache the entries.  But lucky for us none of the coders have
thought to do lookups at regular intervals or better yet that with
threading they can use one thread for the attack and one thread to monitor
the DNS entry.

Andrew
---
<zerocool at netpath.net>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them yourself."
