At 09:03 AM 4/18/01 -0400, BASSOLE Rock wrote:
>Hello People,
>
>
>We are currently putting security into our Border Routers. We intend to protect
>ourselves from smurf, anti-spoofing and SYN Flood attacks. Can somebody tell
>me what is the difference between DDoS and DoS. I have another question: what
>are Martian networks?
>
>Regards.
>
>Rock BASSOLE

DDoS == Distributed Denial Of Service
DoS == Denial of Service

DDoS usually occurs when a hacker has trojanned a lot of hosts all around
the universities.... er.. internet. They run a special zombied trojan
which will attack when the master signals for it. So, the DoS comes from a
multitude of places as opposed to one guy who may or may not have spoofed
his IP. (usually spoofed).

DoS is just a one man show usually. In general, the DoS has to work on
some resource exhaustion mechanism that is efficient for the
attacker. Most attackers usually do not have access to the raw bandwidth
needed to take down hosts with access to big pipes. A DDoS somewhat avoids
this (or can use the same methodology), just they have more firepower now.

Default installed Linux boxes, unfortunately, are usually subject to being
'trojanned' and turned into a zombie. (using your typical kiddie script,
hacking into the box, planting the trojan, and going).

The zombies need to communicate with their masters, so depending on which
DDoS we are talking about, you can sometimes catch their communication. Or
you can just portscan your own hosts to check. But that might not catch
Trinoo (communicates through ICMP types 0, 8).

http://www.cisco.com/warp/public/707/newsflash.html

-Carroll Kong
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1086&t=1079
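
Added example, not part of the original message: a portscan will not reveal control traffic carried in ICMP types 0 and 8, but an echo reply (type 0) that answers no echo request (type 8), or whose payload differs from the request it answers, can be flagged from a packet capture. The `Pkt` record, the function names and the sample packets are assumptions constructed for this illustration.

```python
import struct
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts src dst icmp")  # icmp = raw ICMP message bytes

ECHO_REPLY, ECHO_REQUEST = 0, 8

def parse_echo(icmp):
    """Return (type, ident, seq, payload) for an ICMP echo message, else None."""
    if len(icmp) < 8:
        return None
    mtype, code, _cksum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if mtype not in (ECHO_REPLY, ECHO_REQUEST) or code != 0:
        return None
    return mtype, ident, seq, icmp[8:]

def unsolicited_replies(packets, window=5.0):
    """Flag echo replies with no matching request seen within `window` seconds."""
    pending = {}   # (requester, responder, ident, seq) -> (ts, payload)
    alerts = []
    for p in sorted(packets, key=lambda p: p.ts):
        parsed = parse_echo(p.icmp)
        if parsed is None:
            continue
        mtype, ident, seq, payload = parsed
        if mtype == ECHO_REQUEST:
            pending[(p.src, p.dst, ident, seq)] = (p.ts, payload)
            continue
        req = pending.pop((p.dst, p.src, ident, seq), None)
        if req is None or p.ts - req[0] > window:
            alerts.append((p.ts, p.src, p.dst, "reply without request"))
        elif req[1] != payload:  # a normal reply returns the request data unchanged
            alerts.append((p.ts, p.src, p.dst, "reply payload differs from request"))
    return alerts

def _echo(mtype, ident, seq, payload=b""):
    # Checksum left at 0: these are constructed samples, not captured traffic.
    return struct.pack("!BBHHH", mtype, 0, 0, ident, seq) + payload

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Pkt(1.0, "192.0.2.10", "198.51.100.5", _echo(8, 0x1234, 1, b"abcd")),
    Pkt(1.1, "198.51.100.5", "192.0.2.10", _echo(0, 0x1234, 1, b"abcd")),
    Pkt(2.0, "203.0.113.7", "192.0.2.20", _echo(0, 0x029A, 0, b"constructed")),
    Pkt(3.0, "192.0.2.10", "198.51.100.5", _echo(8, 0x1234, 2, b"abcd")),
    Pkt(3.1, "198.51.100.5", "192.0.2.10", _echo(0, 0x1234, 2, b"XXXX")),
]

if __name__ == "__main__":
    for alert in unsolicited_replies(SAMPLE):
        print(alert)
```

The capture point has to see both directions of the traffic; a sensor that sees only inbound packets will report every legitimate reply as unsolicited.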