Re: DoS/DDoS Attack
From: Demetrio Carrión (demetrio.carrion gmail.com)
Date: Thu Feb 10 2005 - 07:37:57 CST
Hi folks,
> When IP (Source) addresses are spoofed, is there no way of determining (a)
> that the IP Source Address is spoofed and not the genuine one
Maybe one could inspect the spoofed packet and fingerprint the OS,
then fingerprint the machine that really hosts the IP source address
received.
You could infer the IP was spoofed if the fingerprints are
different. Drawbacks:
- DHCP hosts
- Attacking host OS = Real Host OS (IP Source Address)
- Is it useful anyway? The point is: I presume it is not "completely"
impossible to discover that we are dealing with a spoofed address.
>If this is the case, then pretty much we all are helpless with DoS/DDoS
>attacks - considering one can write a script/program to keep incrementing
>or randomly assigning spoofed source addresses in the DoS packets being
>sent out.
There are some techniques like IP Traceback and Backscattering that
can prevent and trace back DoS/DDoS attacks, although they require
major changes in protocols.
Regards,
Demetrio Carrión
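
The fingerprint comparison proposed in the message above, as an added Python example that is not part of the original post: it extracts OS-dependent header traits from a received packet and from a reply obtained by probing the claimed source address, then lists the traits that differ. The function names, the chosen traits and both sample packets are assumptions constructed for illustration.

```python
import struct

def passive_fingerprint(pkt: bytes) -> dict:
    """Extract OS-dependent header traits from a raw IPv4+TCP packet."""
    ver_ihl, _, _, _, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[(ver_ihl & 0x0F) * 4:]
    data_off = (tcp[12] >> 4) * 4
    kinds, i = [], 20
    while i < min(data_off, len(tcp)):      # walk TCP options, keep their order
        kind = tcp[i]
        if kind == 0:                        # end of option list
            break
        if kind == 1:                        # NOP has no length byte
            kinds.append(kind); i += 1; continue
        if i + 1 >= len(tcp) or tcp[i + 1] < 2:
            break                            # malformed option, stop parsing
        kinds.append(kind)
        i += tcp[i + 1]
    return {
        # observed TTL rounded up to the nearest common initial value
        "init_ttl": next(t for t in (32, 64, 128, 255) if ttl <= t),
        "df": bool(flags_frag & 0x4000),
        "window": struct.unpack("!H", tcp[14:16])[0],
        "opts": tuple(kinds),
    }

def mismatches(observed: dict, reference: dict) -> list:
    """Traits that differ; window is skipped because it varies per connection."""
    return [k for k in ("init_ttl", "df", "opts") if observed[k] != reference[k]]

def build_packet(ttl, df, window, options, flags=0x02) -> bytes:
    """Constructed sample packet for the demo (checksums left at zero)."""
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0x4000 if df else 0,
                     ttl, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, (tcp_len // 4) << 4, flags, window, 0, 0)
    return ip + tcp + options

# Constructed option layouts for two different TCP stacks; both packets claim the same source.
OPTS_A = bytes.fromhex("020405b4" "0402" "080a" + "00" * 8 + "01" "030307")
OPTS_B = bytes.fromhex("020405b4" "01" "030308" "01" "01" "0402")
RECEIVED = build_packet(ttl=115, df=True, window=8192, options=OPTS_B)   # suspect packet
PROBE_REPLY = build_packet(ttl=52, df=True, window=29200, options=OPTS_A, flags=0x12)

if __name__ == "__main__":
    diff = mismatches(passive_fingerprint(RECEIVED), passive_fingerprint(PROBE_REPLY))
    print("inconclusive" if not diff else f"fingerprints differ on {diff}: source may be spoofed")
```

An empty result is inconclusive rather than proof of a genuine source, which is the "Attacking host OS = Real Host OS" drawback listed in the message; a reference taken from a DHCP-assigned address may also describe a different machine than the one that held the address earlier.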