2 replies to this topic

[TroLoco]

I see that when you ping a website, it automatically sends that website four packets of 32 bytes each. For DoS attacks, I see that most noobguides operate with 65500 bytes per packet. How many bytes do you "ping" with when you normally visit a website? *a bit insecure if the question I asked even is valid*

[Swerve]

When you visit a website normally, I would think you use TCP, where as ping uses ICMP.

IIRC some info from the header is removed from a packet's header on each hop it takes on it way, so my guess would be < 65500 if the packet was initially full. If that is the case, I would look at from where they are removed from the header, and it what size, but the route they take will can vary.

Edited by Swerve, 29 November 2010 - 03:39 PM.

[tekio]

I see that when you ping a website, it automatically sends that website four packets of 32 bytes each. For DoS attacks, I see that most noobguides operate with 65500 bytes per packet. How many bytes do you "ping" with when you normally visit a website? *a bit insecure if the question I asked even is valid*

Windows defaults to 1500byte MTU for tcp packets over broadband connections. I believe that is because, unless jumbo frames are used on the LAN, each tcp segment would need to be fragmented at 1500bytes for standard Ethernet.

Years back it was possible to send a large "ping" out of specs, and some operating systems didn't know how to handle the large payload and would kernel panic, ie the ping of death. Basically it would create an ip packet that was larger than 65535 bytes. Because the ip packet was fragmented it was possible to send, but "blew up", over flowing the buffer on the receiving end.

If you operate with ip packets 65500 bytes (i think the max payload size could be 65507 bytes) everything should be all-right. That is in the spec of the IP packet (maybe a little more with header information, but close).