Mailinglist Archive: opensuse-security (232 mails)

< Previous Next >
Re: Under DDoS Attack
  • From: Stefan Tichy <s.list@xxxxxxxxx>
  • Date: Thu, 27 Oct 2005 22:41:03 +0200
  • Message-id: <20051027204103.GC26682@xxxxxxxxxxxxxxxxxx>
On Thu, Oct 27, 2005 at 04:23:27PM +0200, media Formel4 wrote:
> Question is:
> - Is it possible with spoofed IP numbers to establish connections to
> port 80? As far as I know you should get stuck after "SYN".

If Syn cookies are enabled it could be done by blind connection
forgery. Sending lots of pakets containing random data instead of
real cookie content could result in very few connections. Not an
appropriate method to start some DoS attack.

> I'm asking that, because tracing back the IPs in question I find very
> often unrouted areas and non-reachable (but maybe firewalled) IPs.

What if someone managed to compromise a router nearby?

Stefan Tichy ( s.list at pi4tel dot de )

< Previous Next >