1. Any types of packets which are allowed over the network can cause flooding attack. Any type of packet can be used in a flooding attack. Commonly used: ICMP, UDP or TCP SYN.
2. If there is a valid system at the spoofed source address, it will respond with a RST packet. However, if there is no system then no reply will return. In these cases the server will resend the packet a number of times before finally assuming the connection request has failed. In this period, the server is using an entry in its memory. If many connection requests with forged addresses are incoming, the memory fills up, making the server incapable of handing any more requests (not even legitimate ones).
3. Packets per second calculations:
Size of each packet= 500 bytes
The packet of this size will flood a 1Mbps link in 1,000,000/4000secs=250 packets/sec 0.5Mbps Link equals to 125 packets/sec
2 Mbps Link equals to packets/sec
10 Mbps Link equals to 2500 packets/sec
4. Packet calculations:
(128 x 103) / (500 x 8) = 32 packets per second
So, 0.5 Mbps: you would require at least 4 zombies
2.0 Mbps: you would require at least 16 zombies
10.0 Mbps: you would require at least 78 zombies
If the target surface is larger enough for the attack, then attacker would need to ensure that he has infected the required number of devices based on his link and the size of the target.
5. Yes, the administrators should still be worried because the attackers will find a way surly for getting around the security implementations. But the attacks can be mitigated by implementing various intrusion detections systems and the attacks can be avoided or stopped in its initial phases.