August 10th, 2007, 09:33 PM
#13
 Originally Posted by Ippersiel
Thanks for the explanation Opus00.
So from my understanding, if you're being DDoS'd from a small group of people, let's say, like a script kiddies' "clan", then the ACK back method would shield someone from being overloaded.
But if you have a bot net that's flooding your gates, your router will be locked up with too many waits for ACK backs.
Another question about this: If the router gets those 10,000 packets and gets held up waiting for 50,000 backs, does it lock up and require a reboot or can it eventually process all 50,000 and start to ignore all 10,000 IPs?
Even the most basic firewall or routing devices wouldn't have any problem handling the types of SYN attacks mentioned by Opus00. The firewall or device will normally have a setting for the embryonic limit, which basically means how many half-open (or waiting) connections someone can try to open into one of my internal machines.
All firewalls (normally) then have an embryonic connection timeout period where all connections are simply dropped. There is no attempt to process any more data, just toss it in the bit bucket, or if you've configured it to send it to a log file of some sort.
Hope this helps, but if it's too simply explained please feel free to make your eyes bleed reading:
http://www.cisco.com/en/US/tech/tk82...800f67d5.shtml
"Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous
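To make the embryonic limit and embryonic timeout concrete, here is an added toy simulation of a half-open connection table (my code, not from the thread or any Cisco device): a per-host cap on half-open entries and a timeout after which stale entries are thrown away. The host name, addresses and the 1,000-entry / 30-second values are made-up assumptions.

```python
from collections import OrderedDict


class EmbryonicTable:
    """Half-open (SYN seen, final ACK not yet seen) connection table with a
    per-destination-host embryonic limit and an embryonic timeout."""

    def __init__(self, limit, timeout):
        self.limit = limit      # max half-open entries allowed per internal host
        self.timeout = timeout  # seconds a half-open entry may wait before it is dropped
        self.table = {}         # dst host -> OrderedDict {(src, sport): time of SYN}
        self.dropped = 0        # SYNs rejected at the limit + entries aged out

    def expire(self, now):
        """Discard every half-open entry older than the timeout (the 'bit bucket')."""
        for entries in self.table.values():
            while entries and now - next(iter(entries.values())) >= self.timeout:
                entries.popitem(last=False)  # oldest entry first
                self.dropped += 1

    def on_syn(self, now, src, sport, dst):
        self.expire(now)
        entries = self.table.setdefault(dst, OrderedDict())
        if len(entries) >= self.limit:
            self.dropped += 1  # over the embryonic limit: silently discarded
            return False
        entries[(src, sport)] = now
        return True

    def on_ack(self, now, src, sport, dst):
        self.expire(now)
        # Only an ACK that matches a still-waiting half-open entry completes a connection.
        return self.table.get(dst, {}).pop((src, sport), None) is not None

    def half_open(self, dst):
        return len(self.table.get(dst, ()))


def simulate_flood(n_syns=10000, limit=1000, timeout=30):
    """Constructed scenario: a flood of SYNs from distinct spoofed sources that never
    ACK, then a legitimate client once the timeout has passed.
    Returns (peak half-open entries, entries left after the timeout, legit client ok)."""
    tbl = EmbryonicTable(limit, timeout)
    for i in range(n_syns):  # constructed source addresses, all at t=0
        tbl.on_syn(0, f"10.0.{i // 256}.{i % 256}", 40000 + i, "web")
    peak = tbl.half_open("web")      # never exceeds the limit, so memory stays bounded
    tbl.expire(timeout)              # clock reaches the embryonic timeout: table is flushed
    after = tbl.half_open("web")
    legit = (tbl.on_syn(timeout, "192.0.2.10", 51000, "web")
             and tbl.on_ack(timeout, "192.0.2.10", 51000, "web"))
    return peak, after, legit
```

While the table is at its limit, new SYNs from anyone, including real clients, are dropped until entries age out, which is the trade-off behind the quoted question about "locking up": the device never runs out of memory, it just refuses extra half-open connections until the timeout clears them.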