IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [flooding]

The flooding attack is used to overwhelm the server in some way for example using TCP SYN packets which reserves resources on the server for the connection or complete HTTP requests as executed by a bot net. It is closely related to DoS and DDoS attacks. Questions may be about preventing, detecting or even running (for testing purposes) such an attack.

60 questions
0
votes
2 answers

If HTTPS only runs on a single port, why is SYN flooding an issue?

I've read online that SYN flooding is when "the attacker sends repeated SYN packets to every port on the targeted server." However, HTTPS only runs on port 443. Therefore, why is it productive for an attacker to target "every port" if only port 443…
Guy4444
  • 47
  • 2
0
votes
0 answers

MAC Flooding detection

I am interested in the metrics of the attack. Is there any packet rate that can be considered a reasonable threshold to detect this attack from traffic perspective? Or this is completely connected to the limits of the hardware?
ystv
  • 13
  • 2
0
votes
1 answer

Is it possible to DDos a http wan filterd router?

Like the service is there but it's just filterd enabled for lan access only .. what will happen ?
MoooonX
  • 15
  • 4
0
votes
0 answers

Can jumping to a new SSID be a solution for flood attacks?

If an attacker can access inside my network in any way and make a UDP or ICMP flood attack on any point of the network (server, client or router), can I prevent this attack transiently with jumping on another available ssid on the same router? I'm…
user3241429
  • 1
0
votes
1 answer

Are NTP servers without monlist still dangerous?

I've been studying DOS flood attacks, namely NTP and DNS floods. I know that monlist is the primary factor in launching these sorts of attacks, but I have one question. The problem is are these servers still dangerous without it it enabled? I mean…
Practical1
  • 125
  • 5
0
votes
3 answers

Is it possible to "close" a port by dos'ing it?

If I see port 25 is open, but I dont have access to the program running the smtp server, could It be flooded with enough information to make it unusable (but not affect any other services)?
November
  • 505
  • 1
  • 5
  • 12
0
votes
1 answer

Monitor incoming TCP/UDP flood attack and graph it

I'm preparing a presentation on a security issue and want to include a demonstration. It won't be in real time, I just need to show some pictures of the results. I have some VPSes that will perform a tcp or udp flood attack simiultanesly on another…
Ion
  • 646
  • 5
  • 11
0
votes
1 answer

Mitigate DDoS attacks by randomly blocking traffic during the period of detection process

I'm currently working on a project that builds a defense system against HTTP GET Flooding attacks. When DDoS attacks occur, traffic volume to a server suddenly increases to be far more than the normal range. However, because the detection process…
Sarah G.
  • 121
  • 6
0
votes
3 answers

Why can't the Router devices worldwide block automatically malicious packets?

Maybe I am wrong but Routers should be able to see if requests are doing many attempt of connection on same port (Brute Force/DDoS) if requests are targeting all ports of a computer (port scanning) and maybe more things that is easy to see as not…
Froggiz
  • 301
  • 1
  • 10
-1
votes
4 answers

Tools for performing HTTP FLOOD attack?

I'm looking for tools which can perform HTTP FLOOD ATTACK . I seached a lot and this is the only tool I've found DoSHTTP. Does anyone know another tool? I want to test them on my localhost to find which one is the best.
user19775
  • 191
  • 2
  • 4
  • 9
-1
votes
3 answers

Hping3 doesn't work?

I was trying to perform a SYN flood attack, and I was using hping3. This is how the command looks like : sudo hping3 -S -a 192.168.100.88 --flood -p 80 192.168.100.15 Where 192.168.100.88 is a non-existing IP address. The attacked server should…
Elvin
  • 113
  • 1
  • 1
  • 4
-1
votes
2 answers

What do DoS/ DDoS TCP SYN Floods and Layer 7/HTTP floods look like on a firewall log?

I am looking for some examples of log files for DoS or DDoS attacks that show a SYN Flood or a HTTP/Layer 7 Flood. I have had a google, but can't seem to find anything. Would the incoming packet sizes differ between a SYN Flood and a Layer 7…
Rayray
  • 3
  • 1
-2
votes
1 answer

Why does hping3 test DoS not successfully?

I used hping3 to stress test a web app (DoS): sudo hping3 -S --flood -V -p 80 [IP addr/url] When I attempted to get access to the target web application through my network, it refused to connect with the error This site can’t be reached. [website…
sanba06c
  • 103
  • 9
-2
votes
2 answers

SYN-flood to the localhost Apache server

I've set up the apache server on localhost (127.0.0.1). I've downloaded PackETH to perform a DoS attack. So PackETH wants MAC-HEADER of the destination and source. And I don't know, where to find them.
Elvin
  • 113
  • 1
  • 1
  • 4
-3
votes
1 answer

Random scanning or potential attack/recon?

If the purpose of a SYN Flood attack would be to make the target unresponsive to normal traffic, same as any other DoS, wouldn't this attack generally have been directed at a public server rather than a private user; what would be the thinking…
FurryWombat
  • 125
  • 5
1 2 3
4