http://www.broadband.org.au/modules.php?name=News&file=article&sid=897 Here I am, 9:30 in the monring surfing the web when I come across this most interesting note by User Sping on one of the ZGeek forums: A few nights ago, I was playing around a bit, teaching a couple of people about the "joys of denial of service attacks". I started my lesson by stating that the most basic of all DoS attacks is done with a simple ping-flood. (ie, on a windows based machine, ping -n 10000 -l 65500 ). This basically sends 10000 packets 65500 bytes long to the destination address... Now, some networking theory. The data-link layer of the OSI networking model (Layer 2) defines the frame size and structure. The frames are transmitted over the physical connection media (Layer 1). Now, to keep frames moving along, there are maximum frame sizes defined. For example, the maximum frame size for ethernet is 1500 bytes, for PPP connections, its 1492 bytes, etc. If you want to send a 65500 byte packet (packets are Layer 3 - network layer datagrams) via an ADSL connection (which used PPP), the packet is "fragmented" into smaller chunks, with each chunk being sent in a 1492 byte frame. For some reason, when I tried to demonstrate this, my ADSL link dropped out, and a statewide outage occured. Umm.. Lesson over! Out of curiousity, when it came back online 4 hours later, I tried it again. Another outage, a few seconds after I started sending the ping flood. I couldn't believe what I was thinking, so I tried a thrid time, a few hours later. Sure enough, another minor outage occured. My hypothesis - Sending a large amount of fragmented packets over the Telstra ADSL service is causing a buffer overrun in their DSLAMs. The reason why so many outages are occuring is because some (l)users have trojan zombies on their systems and are unwittingly launching DDoS attacks on a site without them realising. This is bringing down the network DSLAMs. Now, just so I don't get in shit, I had gained permission from the host previously before performing any of my floods. Flooding is not very nice, and can be illegal depending on where you are located. Secondly, what is written above is just a hypothesis - I can't be sure withoutr knowing more about the Telstra ADSL network infrastructure (but I'm slowly finding out more and more as I continue my thesis)... I am not sure this isn't a fluke can anyone confirm this ? ---------------------------- Replies --------------------------- Re: ADSL Network Problems - Possible Weakness ? (Score: 0) by Anonymous Mammal on Friday, July 27 @ 03:00:04 CDTWhat a crock. The DSLAMS don't even operate at the network layer (Layer 3). They are merely ATM switches, and don't care the slightest about IP Datagrams, and whether they need to be fragmented due to MTU restrictions or not. Nice try, though. ------------------------- Replies ------------------------- Re: ADSL Network Problems - Possible Weakness ? (Score: 0) by Anonymous Mammal on Friday, July 27 @ 15:22:13 CDT It is sad that adslusers.com.au closed down, it seemed to keep all the idiots claiming Telstra has been haxxed or just generally complaining for the sake of complaining. It's an issue with PPPoE, you max out your upstream and you'll lose the connection. Because the connection isn't terminated by your client sending a PADT frame it can sometimes cause tunnelling issues, thus causing further time outs. Sydney has intermittent issues almost every evening. Top work, you worked out how to disconnect without clicking the disconnect button. --------------------------------- My Thoughts - JM -------------------------------- It won't cause a statewide outage, it would certainly cause the shasta to lock up your ppp session perhaps :>