On Sat, 01 Apr 2006 05:34:20 +0100, n3td3v said:

> against fake logins and their databases. There's no way however they could
> carry out world wide attacks on hundreds of fake login targets, without the
> use of more than one ip host.

Obviously you've never bothered to look at just how much spam can be pumped out of a single zombied machine on a cablemodem in one day, have you? ;)

You'd be amazed at what one host can do, given an actual pipe bigger than the average consumer-grade skinny pipe, and some creative programming to sustain more network traffic than the average browser can put on the pipe.

Remember they don't have to flood the destination host enough to kick it off the net - they only need to send it enough bogus data so the phishers can't find the real one. Several tens of thousands of bogus entries per day till it gets taken down - even if you guesstimate 10 packets per bogus connection (hint - use http keepalives to your benefit here :), you're only looking at 100K packets, over a 24 hour timespan that's only one or two packets per second.

Doing in 2,000 phishing hosts only needs to sustain 2,000 packets per second, which is <rough back-of-envelope calc> only going to need a 100mbit or so pipe. You can't do it on a single 10mbit ethernet, that's only going to give you about 800 1500-byte packets to do the HTTP POST commands with per second. But even hosing down 2,000 hosts with 10K bad requests each is only going to take up about 25% of the pipe. If you're only hitting 500 hosts, you can probably send each one well over 100K bogus ones a day.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/