
Why use traceable IP flooding techniques?

Name: Anonymous 2011-01-03 23:02

Several years ago, Steve Gibson documented an irreparable vulnerability in TCP that allows for an untraceable IP flood. The technique was used to shut down his server, and there's no way to change the TCP/IP protocol to fix it. http://web.archive.org/web/20071128025801/http://www.grc.com/dos/drdos.htm More recently, a vulnerability in the BitTorrent protocol allows you to make other people's BitTorrent clients flood a web site. There's no way to trace the attack to the originator's IP address. Instead, you people decide to use botnets that need to be centrally coordinated through an IRC server. This is one of the dumbest and most traceable ways to conduct an IP flood: http://tpmmuckraker.talkingpointsmemo.com/2011/01/fbi_raids_business_in_investigation_of_attacks_against_enemies_of_wikileaks.php?ref=fpb

Name: Anonymous 2011-01-04 6:15

nigger got a point here

Name: Anonymous 2011-01-05 22:43

Because these sorts of attacks require knowledge of TCP/IP and the ability to script the attack.

So most likely you're going to have to be a good C programmer who actually knows how TCP/IP works. This crosses two knowledge domains, so the list of capable people is fairly small.

At LEAST you'll need to know Python, Scapy, and TCP/IP.

Name: Anonymous 2011-01-08 11:14

sure is 2002 in this bitch

Name: Jordan 2011-01-09 23:25

http://eroticmugshots.com did this in a hostile takeover of escorts. You can read about it on the page... He brags about it and shows examples.

Name: Anonymous 2011-01-15 15:44

If you knew anything about the way the internet is structured, monitored and operated, you'd know this sort of attack isn't entirely untraceable; it's just difficult to find the perpetrator unless you happen to be actively monitoring them.

When Russian hackers shut down Estonia's internet capability, many of the computers sending the spoofed packets were found and cut off from the internet. It's expensive and mostly useless to mount a trace against computers sending spoofed packets, but sometimes it's more expensive not to trace. Keep in mind that log retention in places like Europe will enable tracing spoofed packets long after they're sent.

The botnet game has advanced. Simple IRC botnets that worked well in the year 2002 are a liability these days. Read up about the folks caught operating botnets and you'll find they're all running relatively primitive operations. There are P2P botnets that utilize encryption to avoid detection and countermeasures. These botnets are fully capable of performing spoofing attacks like those described in your article. I'd speculate that these botnets are mostly used for things other than DDoS attacks, but when they are used for DDoS the owner is paid accordingly.

I have trouble believing that there aren't many people who are both knowledgeable in TCP/IP and good at writing C code. Both of those are essentially basic knowledge in their fields. It's possible that not every programmer fully understands TCP/IP, but it's unlikely that most network-savvy folks don't know C. I think it has more to do with the fact that the folks with the required knowledge understand that DDoS attacks are brute tools which harm more people than just the intended victim(s).

Name: Anonymous 2011-01-17 19:21

Hi!

I heard about underground places on the net where anybody can rent a botnet for a day... I wanted to see how easy it can be. Do some of you have some links for me?
Thanks!

Name: Anonymous 2011-02-02 16:07

--> google
// but watch out for scams

Name: Anonymous 2011-02-06 21:41

>>6
Well, I didn't intend to make the claim that knowing TCP/IP and C were rare skillsets to find in one person. Knowing TCP/IP and C in detail is somewhat rare; you could go through an entire IT department full of certificates and CS grads and not find one person who can program low-level sockets and knows what IP options are. It's not even enough to say Jerry has programmed C for 10 years and has a CCNE. Jerry still might be a little fuzzy connecting point A to point B though he has all the tools needed.

From that pool of people, the number who care to launch a DoS attack or produce a tool is small.
