
Suppose as an attacker I want to carry out a Ping or SYN Flood attack. I can ch


Question

Suppose, as an attacker, I want to carry out a Ping or SYN Flood attack.

I can change the source IP of the packets generated at my machine to a false/spoofed public IP address so that replies go to that spoofed IP to avoid detection.

A WiFi router, or any device for that matter: would it drop the packet if the source IP was a spoofed public IP, or does it forward the packet to the destination, or does NATing take place and the reply come back to the router's public IP address?

How would IP spoofing work in this case? What is the general behavior of networking devices here?

Explanation / Answer

It depends on your router settings.

- If your router has filtering in place, it will drop the packet, as its source address is not from any networks known by the router. I usually configure my gateways/firewalls/routers to do this.

- If your router does not have any filtering (the most common scenario) it will change the source address on the packet to its own address, and put an entry in an internal table to "remember" to which connection the packet belongs. As soon as it gets a response, the router will look at that internal table to see where to send the packet. As the address is not from any internal network, the router will send the packet away to the default gateway.

Edit: DDoS botnets generally don't rely on this method. They generally consist of dozens (or hundreds) of thousands of infected computers, waiting for a command to attack some site. When the command arrives, all infected computers connect to the same site at once. If a botmaster has 100.000 bots on its network, each one with an average 4 Mbps downlink, it can theoretically generate 400 Gbps of traffic.

There's another DDoS method, called amplification. It works by faking the source and sending a packet to a service that returns more data than was sent. DNS and NTP are the most commonly abused protocols. DNS amplification uses about 60 outgoing bytes and often results in over 4k bytes returning. It's a 70:1 ratio.

In this case, a very small botnet (10.000 bots with an average 4 Mbps connection) can generate enough traffic to knock down lots of sites.
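The first case in the answer above (a router that filters on source address) can be sketched as follows. This is an added example, not part of the original answer; the LAN prefixes, MAC addresses and packet records are constructed, and the function names are hypothetical. It also shows that the sending machine stays identifiable on the local segment by its MAC address even when the source IP is forged.

```python
import ipaddress
from collections import Counter

# Constructed LAN prefixes the router knows about (assumption for this example).
LAN_PREFIXES = [ipaddress.ip_network(p) for p in ("192.168.1.0/24", "10.20.0.0/16")]

# Constructed sample: (source MAC seen on the LAN port, source IP in the packet).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for
# spoofed public addresses.
SAMPLE_PACKETS = [
    ("aa:bb:cc:00:00:01", "192.168.1.10"),
    ("aa:bb:cc:00:00:02", "203.0.113.7"),
    ("aa:bb:cc:00:00:02", "198.51.100.9"),
    ("aa:bb:cc:00:00:03", "10.20.4.4"),
    ("aa:bb:cc:00:00:03", "0.0.0.0"),
    ("aa:bb:cc:00:00:04", "not-an-ip"),
]

def egress_verdict(src, lan_prefixes=LAN_PREFIXES):
    """Return what a source-filtering router does with a packet from the LAN."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: malformed source"
    # These sources are never valid on a packet routed off the local link.
    if addr.is_unspecified or addr.is_multicast or addr.is_loopback:
        return "drop: invalid source"
    if any(addr in net for net in lan_prefixes if net.version == addr.version):
        return "forward"
    return "drop: source not in a known LAN prefix"

def spoofing_hosts(packets, lan_prefixes=LAN_PREFIXES):
    """Count dropped packets per source MAC; the MAC, not the forged IP,
    points at the machine that sent them."""
    drops = Counter()
    for mac, src in packets:
        if egress_verdict(src, lan_prefixes) != "forward":
            drops[mac] += 1
    return dict(drops)

if __name__ == "__main__":
    for mac, src in SAMPLE_PACKETS:
        print(mac, src, "->", egress_verdict(src))
    print(spoofing_hosts(SAMPLE_PACKETS))
```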
