Distributed Dos Attacks - D-Link NetDefendOS User Manual

Chapter 6: Security Mechanisms
If the attacker chooses a fragment offset higher than the limits imposed by the values specified
in System > Advanced Settings > Length Limit Settings, the packets will not even get that far
and will be dropped immediately. Jolt2 attacks may or may not show up in NetDefendOS logs. If
the attacker chooses a too-high fragment offset for the attack, they will show up as drops from
the rule set to "LogOversizedPackets". If the fragment offset is low enough, no logging will occur.
The sender IP address may be spoofed.

6.7.10. Distributed DoS Attacks

A more sophisticated form of DoS is the Distributed Denial of Service (DDoS) attack. These attacks
involve breaking into hundreds or thousands of individual computers around the Internet to
install DDoS software on them. This allows the hacker to direct the burgled machines to launch
coordinated attacks on victim sites. These attacks typically exhaust bandwidth, router processing
capacity, or network stack resources, breaking network connectivity to the victims.
Although recent DDoS attacks have been launched from both private corporate and public
institutional systems, hackers tend to often prefer university or institutional networks because of
their open, distributed nature. Tools used to launch DDoS attacks include Trin00, TribeFlood
Network (TFN), TFN2K and Stacheldraht.
570