+++ harsh achrekar [25/02/04 14:45 +0000]:
friend i am a B.E. student from vivekanand college of engineering and is currently working on a project in linux ----" Distributed Denial of Services"---
i am using click router for detecting spooped ips and discarding packets from them.i have already patched the software router in kernel mode and its working fine.
my problem starts with what next i do to simulate ddos attack and use ingress and egress algo to filter packets from multops structure which stores every packet before forwarding to next router
plz suggest my future course of action
u can mail me at hdachrekar@hotmail.com _________________________________________________________________
All the news that matters. All the gossip from home. [1]Specially for NRIs!
References
If your click router is scripted correctly you could possibly use a packet injection tool to introduce packets directly into your kernel stack. there are many such tools out there look on packetstorm or something. Also what i fail to understand is that a spoofed tcp/ip packet would anyways be dropped by your kernel stack as it wont be able to do the 3 way handshake as the returing ACK's would go into oblivion. UDP could possibly get throught but again replies would never reach the spoofer. on top of all this the basic intent of DDOS attacks are just to exhaust resources and even if your kernel drops the packet your bandwidth resource is already tied up so they the attacker has anyways achieved his goal.