Distributed Denial Of Service Attacks

From BCP38

Distributed Denial Of Service Attacks differ from the normal sort in that the source of the attack is itself 'distributed': instead of coming from one machine, the attack comes from a large number of them (hundreds, thousands, or millions), generally with command and control from one or many points, often in a 'botnet'.

This sort of attack is more difficult to mitigate than the usual type because there's often no good choke point at which to drop the incoming attack packets -- and they may come in slowly enough from each attacking host that you can't even tell they're an attack; they may be valid requests, just in unsupportable numbers.

Whether the attack is distributed or not, though, the attacker may make it even harder to shut down by obscuring the source of the attack -- by spoofing the source IP addresses in the attack packets.

This is the part of the picture that BCP38 addresses: making those spoofed packets fall on the floor before entering the Internet at large.
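
As an added illustration (not code from this page or from BCP38 itself), the check can be modelled as a per-port source-prefix match at the provider edge: a packet is forwarded only if its source address lies inside a prefix assigned to the port it arrived on. The port names, prefixes and packets below are constructed, using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed example: prefixes assigned to each customer-facing port
# (hypothetical port names; RFC 5737 / RFC 3849 documentation ranges).
ASSIGNED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}
ASSIGNED_NETS = {
    port: [ipaddress.ip_network(p) for p in prefixes]
    for port, prefixes in ASSIGNED.items()
}


def ingress_verdict(port, src):
    """Return 'forward' only if src lies in a prefix assigned to this port."""
    nets = ASSIGNED_NETS.get(port)
    if nets is None:
        return "drop"  # unknown attachment point: fail closed
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # unparseable source address
    # Only compare against prefixes of the same IP version.
    if any(addr.version == n.version and addr in n for n in nets):
        return "forward"
    return "drop"  # source not assigned to this port: treated as spoofed


def filter_batch(packets):
    """Filter (port, src) pairs; return forwarded packets and per-port drop counts."""
    forwarded, dropped = [], Counter()
    for port, src in packets:
        if ingress_verdict(port, src) == "forward":
            forwarded.append((port, src))
        else:
            dropped[port] += 1
    return forwarded, dropped


# Constructed sample traffic seen at the edge.
SAMPLE = [
    ("cust-a", "192.0.2.10"),     # inside cust-a's /25
    ("cust-a", "198.51.100.7"),   # cust-b's space arriving on cust-a's port
    ("cust-a", "192.0.2.200"),    # same /24 but outside the assigned /25
    ("cust-a", "2001:db8:a::1"),  # inside cust-a's IPv6 /48
    ("cust-b", "203.0.113.5"),    # not assigned to cust-b
    ("cust-b", "198.51.100.99"),  # inside cust-b's /24
]

if __name__ == "__main__":
    print(filter_batch(SAMPLE))
```

The per-port drop counters are worth keeping in a real deployment as well, since a steady stream of drops on one customer port points at a misconfigured or compromised host behind it.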
