Hi. On Sat, Sep 22, 2018 at 12:58:02PM +0200, Pascal Hambourg wrote: > Le 22/09/2018 à 11:51, Reco a écrit : > > > > On Sat, Sep 22, 2018 at 09:46:35AM +0200, Pascal Hambourg wrote: > > > Le 21/09/2018 à 20:32, Reco a écrit : > > > > > > > > Evil person makes a TCP connection to unprotected host, but forges > > > > source IP. Host sends TCP RST to this forged IP, host acting as a > > > > 'reflector' to an attack. And being a bad netizen at the same time. > > > > > > > > Evil person takes as many of such hosts as possible - and there goes > > > > your old-fashioned RST DDOS. > > > > > > What is the attacker's benefit over just sending packets directly to the > > > target with forged source addresses ? > > > > The benefit is that one cannot pinpoint the real attacker, of course. > > Isn't the same benefit provided by just forging the source address ?
Unsure. I only have theoretical knowledge of such attacks, never performed one myself. Defending against the thing - that's something I'm more versed with. Reco
