We recently had an attack launched from a clients server, which took down the upstream router. The scary thing is that this client is quite tech savvy and fairly good with security concerns, so it can definitely happen to anyone. The funny thing about this attack is that the people launching it haven't learned one of the basic rules of biology: A parasite should never kill it's host.

These attacks, launched from a program oddly called "stealth", end up hitting the network so hard that you don't just notice, it's impossible to ignore. I took one sample from the system, and it was using 100% CPU on a P4 3GHz system and was pushing out over 400,000 packets per second at a rate of 142mbps. 142mbps isn't really a lot of traffic, the thing that made the router fall over was that they were 43 byte packets.

Routers have problems with quantity of packets more than quantity of data. That's why much networking gear is rated in packets per second it can handle.

It exceedingly easy to detect and mitigate these sorts of attacks. That's the good news. We will be implementing such a solution over the next week or two.
(Post Reply)