[e2e] Redirection-Based Flooding Attacks (was Re: DDoS attackvs.Spoofing of Source Address)

Detlef Bosau detlef.bosau at web.de
Wed Feb 1 03:03:00 PST 2006

Christian Vogt wrote:
> Detlef,
> the attacker would have to send TCP acknowledgments in order to make
> the TCP sender assume that the packets go to the right IP address.  If
> the mobility protocol allows only for a single address' registration,
> the TCP acknowledgments have to be spoofed.

This is what you wrote. The attacker behaves like a TCP receiver.
My question is: What happens when the attacker redirects the flow to the
Does the attacker continue to spoof ACK packets then? If so, this could
be perhaps a rather inefficient way for an attack because the attacker
must continue to spoof ACK packets all the time. So, the motiviation for
doing so would be for the attacker to hide its identity from both the
victim and the sender and have the DoS flow appear like an ordinary TCP
flow from the (abused) sender. Is this correct? In fact, I didn´t see
this kind of 
motivation yesterday.
Detlef Bosau
Galileistrasse 30
70565 Stuttgart
Mail: detlef.bosau at web.de
Web: http://www.detlef-bosau.de
Mobile: +49 172 681 9937

More information about the end2end-interest mailing list