The Ultimate Worm
sectac
May 23rd, 2003, 07:56 PM
Imagine a worm, if you will, spreading through IIS, NetBIOS, SQL, Exchange, .asp pages, Samba, the AIM file exploit, and a false MS update, with the sole purpose of waiting until a certain time to start randomly pinging every host on the internet. Seem impossible? Right now there are over 100,000 bots that I have seen, many more which I have not, or which are not public, most of which were compromised by the methods I've said. 100,000 machines sending an average of 1000k/sec (average from OC-3 to DSL/cable) would create a mass flood of 1000MB/s; as servers stall, more drop, and the internet comes to a standstill. Think my figures are exaggerated? I don't believe so; seeing how many fast servers/IIS/Exchange have been compromised, this massive DDoS could drop the internet.
gore
May 23rd, 2003, 08:05 PM
That's why it should be OK to root lamers :)
lord_darkside_x
May 23rd, 2003, 10:09 PM
In theory that is a nice idea... but for it to work... seems unlikely.
gore
May 23rd, 2003, 10:11 PM
In my opinion it's because ICMP is so useful yet so hard to control. You can flood the hell out of someone and it's hard to stop because of the nature of the thing. Like when Yahoo was attacked, it's hard to stop because even if you block it, the firewall is taking processes to tell it no, and so in one way or another it's still able to flood.
Some firewalls let you limit how many pings you can have in a certain amount of time, but I dunno how well this works yet because no one's flooded me in the last week since I put it on... hmm, I'll have to test that and let you all know.
Noia
May 23rd, 2003, 10:24 PM
Meh, if you change it from ping to a fake SYN you all of a sudden amplify your attack by a factor of 4 at least... the servers attempting to find the source, as well as the aggregation through well-rooted routers (heehee), would cause massive amounts of traffic... all in all... well over 1000Mb/s, I'm thinking 5-6Gb/s or above that even... the thing is... if you were smart about it... you would incorporate an OS detect into your worm so that you could infect dialups with only what they needed... thus making millions of weak bots... but when combined... well... it would be a shit-storm like no other...
- Noia
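As an added example (not part of any post in this thread), here are the two host-side mitigations the posts above touch on: the per-source ping rate limit gore mentions, and SYN cookies plus a SYN rate cap for the spoofed-SYN variant Noia describes. It is written for Linux iptables; the interface name eth0, the rate numbers and the DRY_RUN convention are assumptions of this example, and by default it prints the commands instead of applying them so it can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: Linux with iptables and
# the hashlimit/limit matches available, external interface eth0.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).

IFACE="${IFACE:-eth0}"                 # assumed external interface
ICMP_RATE="${ICMP_RATE:-10/second}"    # assumed per-source echo-request rate
ICMP_BURST="${ICMP_BURST:-20}"         # assumed per-source burst allowance
SYN_RATE="${SYN_RATE:-50/second}"      # assumed global new-SYN rate
SYN_BURST="${SYN_BURST:-100}"

# run_cmd: print the command line in dry-run mode, otherwise execute it.
run_cmd() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Per-source ICMP echo-request limit. hashlimit keeps one counter per
# source IP, so one flooder is throttled while everyone else can still ping.
icmp_rate_limit_rules() {
    run_cmd iptables -A INPUT -i "$IFACE" -p icmp --icmp-type echo-request \
        -m hashlimit --hashlimit-name icmp_echo --hashlimit-mode srcip \
        --hashlimit-above "$ICMP_RATE" --hashlimit-burst "$ICMP_BURST" \
        -j DROP
    run_cmd iptables -A INPUT -i "$IFACE" -p icmp --icmp-type echo-request \
        -j ACCEPT
}

# SYN flood defence. Spoofed sources defeat a per-IP counter, so the kernel's
# SYN cookies keep the listen backlog usable, and a global cap on new SYNs
# bounds the work the host does regardless of where the SYNs claim to be from.
syn_flood_rules() {
    run_cmd sysctl -w net.ipv4.tcp_syncookies=1
    run_cmd iptables -A INPUT -i "$IFACE" -p tcp --syn \
        -m limit --limit "$SYN_RATE" --limit-burst "$SYN_BURST" -j ACCEPT
    run_cmd iptables -A INPUT -i "$IFACE" -p tcp --syn -j DROP
}

# Stand-alone run: dry-run by default, so this only prints the rule set.
icmp_rate_limit_rules
syn_flood_rules
```

Neel's point further down applies to all of this: these rules protect the host's CPU and connection table, not the link. Once a flood saturates the upstream pipe, dropping packets at the host firewall does nothing for the bandwidth already consumed; that has to be filtered by the ISP or upstream of the bottleneck.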
gore
May 23rd, 2003, 10:29 PM
*near end of movie "Hackers"*
Boss: What's going on, Plague?
Candy Ass Lamer: A shit storm, Duke.
lol.
neel
May 23rd, 2003, 10:29 PM
It's not really because ICMP is hard to control... It's probably easier to control than a stream of UDP packets. A firewall can theoretically drop everything without sending a reply or even bothering about it for more than 1*10^-9 sec, but if one just sends 1000 MB/sec of random 100101010010010111, that 4 MB downstream cable connection of yours just can't handle it. Whatever the firewall does, the junk first has to go through that 4 MB pipe before it ever reaches the firewall. Much stronger connections than cable can be "slowed down" so much by sending crap that you just can't reach the services anymore. The servers stay up (unless the router overheats or the like), but you can't reach them. Taking out the internet with those DDoS attacks is a bit exaggerated, I think. We are all DDoSing the internet every day with our crap data, getting p0rn vids and spam. The amount of bots is not the same as the amount of compromised servers, and even then it's sometimes not even enough to "take out" one webserver. The internet is designed to handle so freaking much data... I think, unless you attack specific targets, you have to have so freaking much combined bandwidth to even slow down the internet... oh well... I'm talking like everyone can see I'm not a native English speaker again... I'd better quit already...
sectac
May 23rd, 2003, 11:06 PM
Very true. Unlikely? If Fizzer had been used for what I described, or if the SQL worm had hidden itself better, it could have easily done the same thing. It's better to prepare for something that is going to happen than to ignore it and assume that it won't happen. Yeah, using ACK SYN or a basic SYN flood, it would be a horrible storm of traffic and drop many different servers and systems.
Maestr0
May 24th, 2003, 12:42 AM
And just think, then all the Linux users will finally reign supreme when the old empire crumbles. :)
Maestr0
PuReExcTacy
May 24th, 2003, 02:33 AM
I doubt the scenario that you mentioned would work, because the routers would regulate the speed of the data transfers to something more manageable. To really slow down the internet, I think you would have to take out the top-level DNS servers so that the IP traffic couldn't be resolved (hostname to IP), and even then, the DNS entries are cached, and there are also several backup top-level DNS servers. You're talking about a DDoS on servers with fibre optic connections; I doubt a few DoS attacks would take out that kind of bandwidth, especially when they start blocking the incoming traffic and bringing backup servers online to handle the extra load.
Good luck with that ultimate worm!
--PuRe
ha-lf
May 29th, 2003, 07:38 PM
This ultimate worm could be created, but think about file size: a worm that has that many capabilities is going to be way too big to spread via the internet.