Re: [Hampshire] Packet flooding tools or techniques

Author: Nick Chalk
Date:  
To: hampshire
Subject: Re: [Hampshire] Packet flooding tools or techniques
Rik <hlug090104@???> wrote:
> A gentleman of ill repute once mentioned this
> which also spoofs the source IP - I cannot say
> that I have tried it myself so it may be
> worthless;
>
> hping -a 10.10.10.3 -S 10.10.10.10 -p 80 -i u10000


That's roughly what I was doing, although I
believe the --faster switch is equivalent to -i 1.

That just wasn't fast enough to tax the Cisco
7200, even with CEF turned off.

> There is also a program (scan Freshmeat) called
> 'TCPJunk' which is a much noisier offering.
> Again I've not tried it, it just comes up in
> discussion.


I'll have a look at that, thanks.

As an ISP, our response to DoS attacks is a little
different to that of people hosting services, for
example. With about 40k DSL sessions, and multiple
Tier 1 connections, there's no way to fully defend
against packet floods. We're looking at damage
minimisation - the target is probably going to
drop off-line, but we want to make sure that the
L2TP tunnels stay up and BGP keeps working so that
other customers aren't affected.

Nick.

--
Nick Chalk ................. once a Radio Designer
Confidence is failing to understand the problem.