0

Everybody's heard about the DDoS attack with 602 Gbps of bandwidth that crashed the BBC site. But can botnets and hacked servers really implement an attack on this scale?

Frd

2 Answers

3

It may be possible, but attackers usually rely on an amplification attack to ensure the traffic coming from the botnet is much more effective.

Amplification attacks are easily implemented on UDP protocols, where the source IP can be trivially spoofed as there is no three-way handshake to establish a connection. If a UDP protocol allows you to receive a large packet in response to a small packet, you have an amplification. Past examples of these are DNS and NTP queries. The attacker then spoofs the victim's IP and sends out the requests; the much larger responses are then sent to the victim's IP, causing the DDoS through bandwidth saturation.

wireghoul
  • 2
    Do you have any reference to state that DDoS attacks *usually* rely on amplification attacks? I know that there have been many of those, but I'm not sure enough to say *usually*. – Neil Smithline Feb 03 '16 at 01:02
  • 1
    I should probably update to say the BIG ones do. Still, amplification attacks dating back also rely on it; Smurf is a great historical example where a single dialup user could take down large networks. Some recent references: http://www.techworld.com/news/security/worlds-largest-ddos-attack-reached-400gbps-says-arbor-networks-3595715/ and https://www.akamai.com/us/en/our-thinking/state-of-the-internet-report/ – wireghoul Feb 03 '16 at 01:49
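
A defender's view of the amplification described in the answer above, as an added example that is not part of the original post: the operator of a UDP service (DNS, NTP) can total request and response bytes per claimed source address to see whether the server is being used as a reflector. The flow records, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records as seen at a UDP service (not real traffic):
# (claimed_source_ip, service_port, request_bytes, response_bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 53, 64, 3100),
    ("198.51.100.7", 53, 64, 3050),
    ("198.51.100.7", 123, 48, 4400),
    ("203.0.113.20", 53, 70, 120),
    ("203.0.113.21", 53, 68, 95),
    ("203.0.113.20", 123, 48, 48),
]


def amplification_report(flows):
    """Aggregate traffic per (claimed source, port) and compute the
    bandwidth amplification factor: response bytes / request bytes."""
    totals = defaultdict(lambda: [0, 0, 0])  # requests, bytes in, bytes out
    for src, port, req_bytes, resp_bytes in flows:
        entry = totals[(src, port)]
        entry[0] += 1
        entry[1] += req_bytes
        entry[2] += resp_bytes
    report = {}
    for key, (count, bytes_in, bytes_out) in totals.items():
        factor = bytes_out / bytes_in if bytes_in else 0.0
        report[key] = {"requests": count, "bytes_in": bytes_in,
                       "bytes_out": bytes_out, "factor": round(factor, 1)}
    return report


def likely_reflection_targets(flows, min_factor=10.0, min_bytes_out=4000):
    """Return (claimed_source, port, factor) for sources that receive far more
    bytes than they send. Thresholds are illustrative assumptions."""
    rows = [(stats["bytes_out"], src, port, stats["factor"])
            for (src, port), stats in amplification_report(flows).items()
            if stats["factor"] >= min_factor
            and stats["bytes_out"] >= min_bytes_out]
    rows.sort(reverse=True)  # heaviest response volume first
    return [(src, port, factor) for _, src, port, factor in rows]


if __name__ == "__main__":
    for src, port, factor in likely_reflection_targets(SAMPLE_FLOWS):
        print(f"{src} udp/{port}: responses are {factor}x the request bytes")
```

Because the source address is spoofed, a flagged address is the likely victim rather than the sender, so the useful response is to rate-limit or shrink the large replies, not to treat that address as hostile.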
2

Botnets are usually part of a collection of hacked servers, but there are also websites / programs where people host DDoS platforms so they can "participate," such as the Low Orbit Ion Cannon.

Regarding DDoS attacks, the bandwidth of the attack is only limited by the size of the botnet and its combined available bandwidth. There's nothing magical about that.

Mark Buffalo