[asterisk-dev] Asterisk servers as UDP amplifier

Steven Critchfield critch at basesys.com
Tue Apr 18 09:03:50 MST 2006


On Tue, 2006-04-18 at 17:30 +0200, Matt Riddell (IT) wrote:
> Edwin Groothuis wrote:
> > The DNS attack has an amplification of 100 times: for every forty
> > bytes sent, 4000 bytes were sent out.
> 
> Yeah, and if you send a request to a web server, you could amplify the
> sent data millions of times...

While I am probably missing some of the details, the web server doesn't
usually listen on UDP and therefore wouldn't be the same. 

The problem being mentioned here is that the nature of UDP being
connectionless is that I can spoof your address and that extra payload
will still be sent to you. 

In TCP, like what the webserver listens on, you have to have a handshake
of small packets before the file would be sent back. This would stop you
from sending the payload to someone else. 

The attack basically should work on any UDP-based protocol. The idea of
sending a spoofed packet, and even an error response is larger than the
original packet means that you could have a small byte count going out
to various services getting amplified to large distributed payloads
coming back down someone's pipe.


-- 
Steven Critchfield <critch at basesys.com>
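
Added example, not part of the original message: a responder-side guard for the problem described above, which caps the bytes sent to an unvalidated UDP source at a multiple of the bytes received from it. The class and function names, the 3x factor and the sample address are assumptions; the 40 and 4000 byte sizes are the DNS figures quoted in the thread.

```python
from dataclasses import dataclass, field


@dataclass
class AmplificationGuard:
    """Cap bytes sent to an unvalidated UDP source at factor x bytes received."""
    factor: int = 3  # assumption: same ratio QUIC uses before address validation
    received: dict = field(default_factory=dict)
    sent: dict = field(default_factory=dict)
    validated: set = field(default_factory=set)

    def on_datagram(self, src, size):
        self.received[src] = self.received.get(src, 0) + size

    def mark_validated(self, src):
        # Call only after src echoed a token we sent to it: like the TCP
        # handshake, that proves the sender really receives at that address.
        self.validated.add(src)

    def may_send(self, src, size):
        budget = self.factor * self.received.get(src, 0) - self.sent.get(src, 0)
        if src in self.validated or size <= budget:
            self.sent[src] = self.sent.get(src, 0) + size
            return True
        return False  # drop, or answer with a reply no larger than the request


def replay(guard, events):
    """Feed (src, request_bytes, response_bytes) events; return bytes sent per src."""
    out = {}
    for src, req, resp in events:
        guard.on_datagram(src, req)
        out[src] = out.get(src, 0) + (resp if guard.may_send(src, resp) else 0)
    return out


# Constructed input: 100 spoofed 40-byte requests claiming to come from the
# victim (192.0.2.10), each of which would draw a 4000-byte reply.
SPOOFED = [("192.0.2.10", 40, 4000)] * 100

if __name__ == "__main__":
    print("unguarded:", sum(resp for _, _, resp in SPOOFED))     # 400000 bytes
    print("guarded:  ", replay(AmplificationGuard(), SPOOFED))   # 12000 bytes
```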



