Cody
08-17-2001, 05:51 AM
I was just reading Hacking Exposed 2nd Edition one day, and I thought of something: would this be a new type of DDoS attack?
This attack requires 3 things:
A. The cracker's computer, or the infected one.
B. An "innocent" computer w/ fast Internet.
C. The target system.
From now on, I will refer to the systems by their numbers. Ok...
Suppose this. (A) sends a SYN packet to (B) with the source IP of (C). We will now give A an IP of 1.1.1.1, B an IP of 2.2.2.2, and C an IP of 3.3.3.3.
Here it is "dirtified":
SYN <FROM: 3.3.3.3 TO: 2.2.2.2>
SYN/ACK <FROM: 3.3.3.3 TO: 3.3.3.3>
ACK <FROM: 3.3.3.3 TO: 3.3.3.3>
Now imagine hundreds and hundreds of 1.1.1.1's out there (systems infected with something similar to SubSeven that would allow you to send SYN ACK packets) doing this all to one server (A and B could be any system, but the target the same)....
That could probably crash a server pretty quick. This would also work with any type of UDP or TCP/IP connection that requires a response similar to SYN, SYN/ACK, ACK.
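Seen from the target (C), the traffic described in the post arrives as SYN/ACKs that answer no SYN the target ever sent. The following is an added example, not part of the original post, showing one way to flag that pattern in a capture; the log format, the function names and every address other than 2.2.2.2 and 3.3.3.3 are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample capture as seen at the target (3.3.3.3 in the post's numbering).
# Assumed line format: time src_ip:src_port dst_ip:dst_port flags
SAMPLE = """\
0.001 3.3.3.3:40000 9.9.9.9:443 S
0.020 9.9.9.9:443 3.3.3.3:40000 SA
0.021 3.3.3.3:40000 9.9.9.9:443 A
0.100 2.2.2.2:80 3.3.3.3:51515 SA
0.101 2.2.2.2:80 3.3.3.3:51516 SA
0.102 2.2.2.3:80 3.3.3.3:51517 SA
0.103 2.2.2.2:80 3.3.3.3:51518 SA
"""

def parse(line):
    """Split one log line into (src_ip, src_port, dst_ip, dst_port, flags)."""
    _ts, src, dst, flags = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return src_ip, int(src_port), dst_ip, int(dst_port), flags

def unsolicited_synacks(log, local_ip):
    """Count inbound SYN/ACKs per sender that answer no SYN sent by local_ip."""
    pending = set()       # (local_port, remote_ip, remote_port) of our own SYNs
    suspects = Counter()  # remote_ip -> number of unsolicited SYN/ACKs
    for line in log.splitlines():
        if not line.strip():
            continue
        src_ip, sport, dst_ip, dport, flags = parse(line)
        if src_ip == local_ip and flags == "S":
            pending.add((sport, dst_ip, dport))
        elif dst_ip == local_ip and flags == "SA":
            key = (dport, src_ip, sport)
            if key in pending:
                pending.discard(key)   # reply to a handshake we started
            else:
                suspects[src_ip] += 1  # no matching outbound SYN
    return suspects

if __name__ == "__main__":
    for ip, n in unsolicited_synacks(SAMPLE, "3.3.3.3").most_common():
        print(f"{ip}: {n} unsolicited SYN/ACK(s)")
```

The senders it reports are the "innocent" (B) machines, so the counts point at where upstream filtering or rate limiting would help rather than at the real origin of the spoofed SYNs.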