[aprssig] aprsis DOS in Poland, observation

Patrick winston at winston1.net
Mon Sep 7 18:06:19 EDT 2020


It's not about what you personally have with current DoS techniques, it's
about exploiting other people who are unaware and often doing something
else. Picture it being run as a browser-based JavaScript client, either
as a direct IP client or easier to exploit might be for servers which
support HTTP send ports, because you could then exploit them through an
AJAX-style query which is basic dynamic web programming these days. In
either case you would have random people sending packets just from viewing
a webpage, and using a thirst trap of some porn images it would be easy to
get lots of those happening.

p

On Mon., Sep. 7, 2020, 5:29 p.m. Nick VA3NNW, <tapr at noseynick.com> wrote:

> > Hessu mentioned this already, but rate limits may protect against an
> > accidental situation...  but even forcing things right down to 2
> > packets per second as mused by Curt, 1500 - 2000 packets per second
> > can be done with 750-1000 clients which can be done with unique IPs
> > pretty easily meaning there is no way to block it if done on purpose.
>
> If someone has access to 1000 IPs... are these in the same subnet (which
> could be given an aggregated token-bucket of uplink bandwidth), or do
> they already have a botnet that can already DDoS almost anything?
>
> --
> "Nosey" Nick Waterman, VA3NNW/G7RZQ, K2 #5209.
> use Std::Disclaimer;    sig at noseynick.net
> Modem: How a Southerner asks for seconds...
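The aggregated per-subnet token bucket raised in the quoted reply, together with the limit pointed out in the message above it, as an added example that is not part of the original thread and is not APRS-IS server code. The class and function names, the /24 and /64 aggregation prefixes, the 2 packets per second refill and burst of 4 per subnet, and the sample addresses are all assumptions constructed for illustration.

```python
import ipaddress

class SubnetTokenBucket:
    """One shared token bucket per source subnet (hypothetical helper)."""

    def __init__(self, rate=2.0, burst=4.0, v4_prefix=24, v6_prefix=64):
        self.rate = rate      # tokens (packets) refilled per second, per subnet
        self.burst = burst    # bucket capacity, per subnet
        self.prefix = {4: v4_prefix, 6: v6_prefix}   # assumed aggregation widths
        self.buckets = {}     # subnet -> (tokens, time of last update)

    def key(self, addr):
        """Map a source address to the subnet whose bucket it shares."""
        ip = ipaddress.ip_address(addr)
        # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into the IPv4 bucket
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        return ipaddress.ip_network(f"{ip}/{self.prefix[ip.version]}", strict=False)

    def allow(self, addr, now):
        """Spend one token from the subnet's bucket; False means drop."""
        net = self.key(addr)
        tokens, last = self.buckets.get(net, (self.burst, now))
        tokens = min(self.burst, tokens + max(0.0, now - last) * self.rate)
        ok = tokens >= 1.0
        self.buckets[net] = (tokens - 1.0 if ok else tokens, now)
        return ok

def accepted_in_one_second(limiter, sources, per_client=2):
    """Packets accepted when every source sends per_client packets in 1 s."""
    accepted = 0
    for i in range(per_client):
        now = 100.0 + i / per_client          # constructed timestamps
        for src in sources:
            accepted += limiter.allow(src, now)
    return accepted

# Constructed sample sources: 200 clients in one /24, and 200 clients that
# each sit in a different /24.
SAME_SUBNET = [f"10.0.0.{h}" for h in range(1, 201)]
SPREAD = [f"10.{a}.{b}.1" for a in range(1, 5) for b in range(50)]

if __name__ == "__main__":
    print("one /24 :", accepted_in_one_second(SubnetTokenBucket(), SAME_SUBNET))
    print("200 /24s:", accepted_in_one_second(SubnetTokenBucket(), SPREAD))
```

Aggregation caps the clients that share a subnet at the subnet's budget, while clients that each arrive from a different subnet all stay under the limit, which is the case the thread says a rate limit alone does not cover.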