The flooding attack is used to overwhelm the server in some way for example using TCP SYN packets which reserves resources on the server for the connection or complete HTTP requests as executed by a bot net. It is closely related to DoS and DDoS attacks. Questions may be about preventing, detecting or even running (for testing purposes) such an attack.
Questions tagged [flooding]
60 questions
3
votes
2 answers
Isn't the behaviour of the switch to flood packets when it's MAC table is still empty dangerous?
If we have a switch with empty MAC table, and three hosts are connected to it - let's say host A, host B, and host C.
Host A sends something to host B, and switch remember on which port is host A, but it doesn't know where the host B is, so it…
![](../../users/profiles/45112.webp)
programings
- 751
- 1
- 8
- 14
3
votes
1 answer
how does a sip flood attack work?
I understand that SIP is an application-level protocol that is used to setup/modify/end communication sessions for things like VOIP and instant messenger. I also understand that users can send request messages (to other users?) and get responses…
![](../../users/profiles/9499.webp)
bernie2436
- 1,437
- 10
- 22
- 29
3
votes
1 answer
Why are some Bluetooth devices susceptible to ping floods and some are not?
Just for fun, I've ping flooded my bluetooth speaker at home using l2ping on Linux and I was unable to connect to it as the pinging continued. I've tried flooding my phone and it seems to have received the packets as I got a response (just like the…
user168683
3
votes
3 answers
TCP versus UDP resilience to DDoS
I am building a service that I can implement equally well with either TCP or UDP. If I use TCP, I expose vulnerability to SYN flood and other attacks on TCP protocol. If I use UDP, it will be harder to block UDP flood upstream without also…
![](../../users/profiles/88463.webp)
user1055568
- 171
- 1
- 4
2
votes
2 answers
How to create an anti-flood mechanism without leaving VPN's out?
I'm trying to protect my applications from some bots that are either malfunctioning or trying to take my sites down (lots of requests from the same IPs in the logs).
Every time someone requests an expensive or security-related action, I save the…
![](../../users/profiles/13602.webp)
ChocoDeveloper
- 141
- 3
2
votes
1 answer
COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
I have installed Snort IDS and most alarm is:
"COMMUNITY SIP TCP/IP message flooding directed to SIP proxy"
And i use home DSL Internet connection , should i be worried about this alarm ?
I have read this article but i couldn't understand it…
![](../../users/profiles/24456.webp)
gold member
- 21
- 6
2
votes
2 answers
How to defend against HTTP request flood
What is the best way to defend your website against HTTP flood POST/GET attacks?
![](../../users/profiles/19775.webp)
user19775
- 191
- 2
- 4
- 9
2
votes
3 answers
Disadvantages of HTTP GET/POST Flooding Attack?
I asked about What is HTTP GET/POST Flooding Attack? recently and I got a few detailed answers about what they are and how they work.
Now I want to find out what are the disadvantages of them.
![](../../users/profiles/19775.webp)
user19775
- 191
- 2
- 4
- 9
2
votes
2 answers
Is there any working solution against large SYN Flood request?
Fighting against a large SYN Flood attack that is happening every 2 minutes repeatedly.
During attack, number of syn-rcv is between 290-550
ss -n state syn-recv sport = :80 | wc -l
CPU 100% (htop output)
Tried cloudflare firewall, not helping at…
![](../../users/profiles/182645.webp)
Tuhin A.
- 121
- 1
2
votes
1 answer
DNS flood vs DNS Amplification attack: How is one considered a network/transport layer attack and the other a application layer attack?
I am reading a survey on DDoS attacks and they describe how these attacks can be classified by either Network/Transport level attacks and Application level attacks. In their examples, they classify DNS flooding as network/transport and DNS…
![](../../users/profiles/169004.webp)
dapirateking
- 71
- 5
2
votes
1 answer
Question about ipsec prevent SYN flooding attack
how IPSec prevents SYN flooding attacks Like if A is sending packets to B using IPsec. Suppose B’s TCP ack gets lost, and A’s TCP retransmits the packet since it assumes the packet was lost. Will B’s IPsec implementation notice that the packet is a…
![](../../users/profiles/167908.webp)
aaaabel
- 21
- 2
2
votes
1 answer
Why MSS is needed in SYN cookies?
I was reading RFC4987 describing SYN cookies and seems Maximum Segment Size (MSS) is encoded in the SYN cookie and I am not sure why that is the case? Can someone explain why we need the MSS in the SYN cookie?
![](../../users/profiles/90483.webp)
Human
- 121
- 2
2
votes
2 answers
Hping and spoofed DDoS (or DoS?) what do -U and -P mean?
Recently I set up 2 virtual machines with Mint 18 inside, to practice and analyze some DDoS attack types. For now on, I'm using hping3 to perform some simple DDoS (or I should say, DoS attacks, since there's only one VM against another).
I read a…
![](../../users/profiles/27830.webp)
mazix
- 195
- 1
- 7
1
vote
1 answer
Router detecting constant ack flood attacks and port scans
I first noticed this yesterday in my logs - while I was configuring the router settings, so I don't know how long it's been going on. What should I do? I reconfigured my router with more secure settings, changed my password and it's still happening.…
![](../../users/profiles/70407.webp)
Calisto
- 67
- 2
- 2
- 7
1
vote
1 answer
DOS attack to increase packets received from a single request?
Is there any attack out there that can be implemented where a single request to a server i host for example responds by sending the same file say 20 times back ? the idea behind the attack is to DOS tor nodes which are hosting the stream, this…
![](../../users/profiles/53601.webp)
Rich
- 11
- 1