From: Christian Weisgerber (naddy@mips.inka.de)
Date: Sat Mar 22 2003 - 19:47:03 MST
Brett Paatsch <paatschb@ocean.com.au> wrote:
> I also wonder how useful spam attacks of the above sort might be
> as a means of stopping communication between particular users.
>
> I.e how hard it is to stop someone getting replies in a timely way by
> overwhelming their isp?
Attacking an individual by flooding their ISP with spam doesn't
make much sense.
If you want to attack an individual, just direct lots of mail at
them specifically. "Mail bombing" is a time-honored technique. If
you send me 10,000 junk messages a day, this will tax neither my
ISP nor my personal technical setup. It will totally overwhelm my
human ability to read and sort mail, though.
In order to attack an ISP, mass mail is rather ineffectual. To
send each message, a full TCP connection must be set up. Apart
from tying up resources at the sending end, this requires bidirectional
traffic, revealing the actual addresses performing the attack, which
can be easily blocked at the border gateways.
Typical attacks against anything from single machines on the net
up to whole ISPs consist of massive amounts of TCP SYN (connection
setup) or ICMP ECHO (ping) packets sent with randomized originating
addresses. Answering packets are sprayed in all directions and
never return to the attackers. This ties up more resources at the
receiver than at the sender. It is also virtually impossible to
track this back to its originating hosts, especially if numerous
widely separated sources are employed.
-- Christian "naddy" Weisgerber naddy@mips.inka.de
This archive was generated by hypermail 2.1.5 : Sat Mar 22 2003 - 20:39:29 MST