[nsp-sec] Revisiting the DDOS Route Server project
Hank Nussbacher
hank at efes.iucc.ac.il
Thu Aug 13 02:19:56 EDT 2009
At 02:06 13/08/2009 -0400, Seth Hall wrote:
>On Aug 13, 2009, at 12:59 AM, Hank Nussbacher wrote:
>
>>The botherder doesn't care for the bots to check-in. He knows they
>>are out there, some listening, some not, and waiting for his wake-up
>>call. One simple UDP packet and he instructs them all to attack.
>
>Are you thinking that they might send that single UDP packet to every
>IPv4 address to compensate for not doing checkins?
Spraying a single UDP packet to every IP out there (not the full
0.0.0.0-255.255.255.255 - but rather knowing which /8s to hit), could
easily be done in a very short period of time, won't require much b/w and
probably won't be detected if using a Chris Morrow selected UDP port :-)
-Hank
> .Seth
>
>---
>Seth Hall
>Network Security - Office of the CIO
>The Ohio State University
>Phone: 614-292-9721
More information about the nsp-security
mailing list