
I've read about DDoS attacks and specially the amplification techniques. For ex


Question

I've read about DDoS attacks and especially the amplification techniques. For example, the DNS amplification technique where you can send queries to open resolvers pretending to be the victim, then [if nobody is filtering packets] the victim will get all the responses and if the traffic is high enough, get overwhelmed and stop functioning the way it is supposed to.

If I understand that correctly, the DNS response will be sent from the open resolver with an arbitrary destination port that the victim is not listening to (cuz he didn't make the request, thus not waiting for a response on that port!). How does that affect the victim? Can you get overwhelmed by receiving too many packets wrongly addressed to a port where you are not listening? Is it an expensive operation to ignore packets? Or am I getting it wrong somehow?

Explanation / Answer

Ignoring packets is cheap, but if your connection is unable to handle the sheer volume of traffic per second then you're going to fall down hard. The only answer at that point is to filter traffic upstream of you. Because things are distributed and high performance routers really don't like consulting a large routing table just to play whack-a-mole on which hosts to drop, that can get unwieldy.

That last part is what makes a DDoS so effective: that it's hard to reroute traffic upstream. CloudFlare makes a business out of having enough bandwidth to absorb all the traffic and deal with it without having to filter upstream at providers.
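The point made in the answer, shown from the defender's side as an added example (not part of the original answer): inbound DNS responses with no matching outbound query are trivial to classify and drop, yet their volume alone can exceed the link. The `Pkt` record format, the documentation-range addresses and the 10 Mbit/s link are assumptions, and the traffic is constructed.

```python
from collections import namedtuple

# One record per UDP packet seen at the victim's edge (constructed format).
Pkt = namedtuple("Pkt", "ts direction peer peer_port local_port txid size")

def classify_dns_responses(packets, query_ttl=5.0):
    """Split inbound UDP/53 responses into (solicited, unsolicited).

    A response counts as solicited only if this host recently sent a query
    to the same resolver from the same local port with the same DNS ID.
    """
    pending = {}  # (resolver, local_port, txid) -> time the query left
    solicited, unsolicited = [], []
    for p in sorted(packets, key=lambda p: p.ts):
        if p.peer_port != 53:
            continue
        key = (p.peer, p.local_port, p.txid)
        if p.direction == "out":
            pending[key] = p.ts
        elif key in pending and p.ts - pending.pop(key) <= query_ttl:
            solicited.append(p)
        else:
            unsolicited.append(p)
    return solicited, unsolicited

def peak_utilisation(packets, link_bps, window=1.0):
    """Peak fraction of link capacity used in any `window`-second bucket."""
    bits = {}
    for p in packets:
        bucket = int(p.ts // window)
        bits[bucket] = bits.get(bucket, 0) + p.size * 8
    return max(bits.values(), default=0) / (link_bps * window)

def constructed_sample():
    """One real lookup, then 1000 reflected 1400-byte responses in one second."""
    pkts = [Pkt(1.00, "out", "192.0.2.53", 53, 40000, 0x1a2b, 70),
            Pkt(1.02, "in", "192.0.2.53", 53, 40000, 0x1a2b, 120)]
    for i in range(1000):
        resolver = f"198.51.100.{i % 250 + 1}"
        pkts.append(Pkt(10 + i / 1000, "in", resolver, 53, 20000 + i, i, 1400))
    return pkts

if __name__ == "__main__":
    ok, junk = classify_dns_responses(constructed_sample())
    print(len(ok), "solicited,", len(junk), "unsolicited")
    print("peak inbound load on a 10 Mbit/s link:",
          peak_utilisation(junk, 10_000_000))
```

A peak value above 1.0 means the unsolicited responses alone exceed the link's capacity, so dropping them on the host cannot help and the filtering has to happen upstream.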
