Author Topic: Network Flooding  (Read 4049 times)


deadly7
Network Flooding
« on: October 16, 2005, 09:05:42 pm »
Quote
You need to initiate a connection first... and if you send a SYN packet with the spoof source address of Battle.net, it's going to send a RST back to Battle.net..

Not if there's nothing to be responded to. IIRC, a client doesn't send back SID_IRecievedYourBroadcastAndImLettingYouKnow. =p

TCP != UDP.

You can't send a packet to a computer and assume it'll get there. Because you can't send the packet in the first place without initiating a connection (via SYN).

The server has to acknowledge your syn (through SYN/ACK sent back to you).
So is that how SYN/ACK floods on servers work?  You send a massive amount of data to a website, and it responds back to each and every request/packet sent, thus killing the bandwidth?

rabbit
Re: New Feature
« Reply #1 on: October 16, 2005, 09:07:12 pm »
Quote
You need to initiate a connection first... and if you send a SYN packet with the spoof source address of Battle.net, it's going to send a RST back to Battle.net..

Not if there's nothing to be responded to. IIRC, a client doesn't send back SID_IRecievedYourBroadcastAndImLettingYouKnow. =p

TCP != UDP.

You can't send a packet to a computer and assume it'll get there. Because you can't send the packet in the first place without initiating a connection (via SYN).

The server has to acknowledge your syn (through SYN/ACK sent back to you).
So is that how SYN/ACK floods on servers work?  You send a massive amount of data to a website, and it responds back to each and every request/packet sent, thus killing the bandwidth?
What are you blabbing about?  Everyone knows it's good old magic what with the magicness and all.

Quik
Re: New Feature
« Reply #2 on: October 16, 2005, 09:50:28 pm »
Quote
You need to initiate a connection first... and if you send a SYN packet with the spoof source address of Battle.net, it's going to send a RST back to Battle.net..

Not if there's nothing to be responded to. IIRC, a client doesn't send back SID_IRecievedYourBroadcastAndImLettingYouKnow. =p

TCP != UDP.

You can't send a packet to a computer and assume it'll get there. Because you can't send the packet in the first place without initiating a connection (via SYN).

The server has to acknowledge your syn (through SYN/ACK sent back to you).
So is that how SYN/ACK floods on servers work? You send a massive amount of data to a website, and it responds back to each and every request/packet sent, thus killing the bandwidth?

Not quite, and off topic. If you want to ask the entire community and open the subject to conversation, please create a new thread. Otherwise, please contact someone personally about it for an explanation.

Eric
Re: Network Flooding
« Reply #3 on: October 17, 2005, 03:02:46 pm »
Quote
You need to initiate a connection first... and if you send a SYN packet with the spoof source address of Battle.net, it's going to send a RST back to Battle.net..

Not if there's nothing to be responded to. IIRC, a client doesn't send back SID_IRecievedYourBroadcastAndImLettingYouKnow. =p

TCP != UDP.

You can't send a packet to a computer and assume it'll get there. Because you can't send the packet in the first place without initiating a connection (via SYN).

The server has to acknowledge your syn (through SYN/ACK sent back to you).
So is that how SYN/ACK floods on servers work?  You send a massive amount of data to a website, and it responds back to each and every request/packet sent, thus killing the bandwidth?

Usually the goal is to max out the number of possible outstanding connections, thus preventing any future connections from taking place, or, in older computers, causing a buffer overflow; however, quite a bit of bandwidth does get consumed in the process.

iago
Re: Network Flooding
« Reply #4 on: October 17, 2005, 06:59:37 pm »
To elaborate a little more on what LoRD said:

SYN = Synchronize
ACK = Acknowledge

The initial TCP connection to a computer, affectionately known as the "three-way handshake", goes like this:
You send a SYN packet to a computer, which is like saying, "Are you there?"
The computer responds with SYN/ACK, which is like saying, "Yes, are you?"
Finally, you send it just ACK, which is like saying, "Yes, thanks"

(Think about that commercial for some wireless company, "Can you hear me now?" "Yes" "Good.".  It's basically the same thing)

Every time a SYN packet is received, the computer gets ready for a new connection.  It allocates some space, initializes some variables, and whatever else it has to do. 

If you send it lots of SYNs all at once, it's going to take a lot of processing time/space to look after them all, and often, they start to get dropped.  If you continually send it lots, when a legitimate connection is made, the legitimate connection might be dropped (ignored) because it just doesn't have enough space to process it all.

One nice thing about this attack is that you don't actually need to send it with the proper return address.  If you forge the return address, then the computer you're sending the SYN to will still build the connection, but it will reply with the SYN/ACK to the wrong place.  But who cares?

As LoRD said, the idea ISN'T to consume bandwidth, it's to consume resources by trying to build lots and lots of connections. 
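
The resource exhaustion described in the post above, next to the SYN-cookie countermeasure (which goes beyond the post), as an added example that is not part of the original thread. It is an in-memory model only: the queue size, timeout, addresses and secret are constructed assumptions, and the cookie is a simplified MAC rather than the real bit layout.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: secret known only to the server

class BacklogListener:
    """Behaviour described in the post: each SYN reserves a slot before the peer is verified."""
    def __init__(self, size=4, timeout=3):  # assumption: tiny queue, timeout in ticks
        self.size, self.timeout, self.half_open = size, timeout, {}

    def on_syn(self, src, now):
        # Expire half-open entries whose SYN/ACK was never answered.
        self.half_open = {s: t for s, t in self.half_open.items() if now - t < self.timeout}
        if len(self.half_open) >= self.size:
            return False  # queue full: this SYN is dropped, legitimate or not
        self.half_open[src] = now
        return True

def cookie(src, dst, counter):
    """Simplified SYN cookie: a MAC over the endpoints and a coarse time counter."""
    mac = hmac.new(SECRET, f"{src}>{dst}|{counter}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest()[:4], "big")

class CookieListener:
    """Mitigation: the cookie is the SYN/ACK sequence number; no per-SYN state is kept."""
    def __init__(self, dst="192.0.2.10:80"):
        self.dst, self.established = dst, set()

    def on_syn(self, src, counter):
        return cookie(src, self.dst, counter)

    def on_ack(self, src, ack, counter):
        # A real peer echoes cookie + 1; accept the current or previous counter.
        valid = {(cookie(src, self.dst, c) + 1) % 2**32 for c in (counter, counter - 1)}
        if ack in valid:
            self.established.add(src)  # state is allocated only after proof of return path
        return ack in valid

def run_demo():
    forged = [f"198.51.100.{i}:40000" for i in range(1, 9)]  # constructed; never send ACK
    client = "203.0.113.7:51000"                             # constructed legitimate peer
    classic, stateless = BacklogListener(), CookieListener()
    stored = sum(classic.on_syn(s, now=0) for s in forged)
    during, after = classic.on_syn(client, now=1), classic.on_syn(client, now=5)
    _ = [stateless.on_syn(s, counter=0) for s in forged]     # flood leaves no state behind
    isn = stateless.on_syn(client, counter=0)
    ok = stateless.on_ack(client, (isn + 1) % 2**32, counter=1)
    guessed = stateless.on_ack(forged[0], 12345, counter=1)
    return stored, during, after, ok, guessed, len(stateless.established)
```

In the model, the classic listener refuses the legitimate client until the unanswered entries time out, while the cookie listener ends with exactly one established connection because only the peer that actually received the SYN/ACK can echo a valid acknowledgement.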

Joe
Re: Network Flooding
« Reply #5 on: October 19, 2005, 09:52:55 pm »
*rubs hands together*

Sounds fun.