Penetration Testing mailing list archives
Re: DoS/DDoS Attack
From: Demetrio Carrión <demetrio.carrion () gmail com>
Date: Thu, 10 Feb 2005 10:37:57 -0300
Hi folks,
When IP (Source) addresses are spoofed, is there no way of determining (a) that the IP Source Address is spoofed and not the genuine one
Maybe one could inspect the spoofed packet and fingerprint the OS, then fingerprint the machine that really hosts the IP source address received. You could infer the IP was spoofed if the fingerprints are different.

Drawbacks:
- DHCP hosts
- Attacking host OS = Real Host OS (IP Source Address)
- Is it useful anyway?

The point is: I presume it is not "completely" impossible to discover that we are dealing with a spoofed address.
If this is the case, then pretty much we all are helpless with DoS/DDoS attacks - considering one can write a script/program to keep incrementing or randomly assigning spoofed source addresses in the DoS packets being sent out.
There are some techniques like IP Traceback and Backscattering that can prevent and trace back DoS/DDoS attacks, although they require major changes in protocols.

Regards,
Demetrio Carrión
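The fingerprint comparison suggested in the message above, as an added example that is not part of the original post: it derives a passive fingerprint (rounded initial TTL, DF bit, TCP window, TCP option order) from a suspect packet and from a packet known to come from the real owner of the source address, and reports a mismatch. The packets, addresses, option layouts and function names are constructed for illustration, and having a known-genuine reference packet is an assumption.

```python
import struct

INITIAL_TTLS = (32, 64, 128, 255)  # common OS default TTLs

def passive_fingerprint(pkt: bytes):
    """Return (initial_ttl, df_bit, tcp_window, option_kinds) for a raw IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or pkt[9] != 6 or len(pkt) < ihl + 20:
        raise ValueError("not an IPv4/TCP packet")
    df = bool(struct.unpack("!H", pkt[6:8])[0] & 0x4000)
    tcp = pkt[ihl:]
    window = struct.unpack("!H", tcp[14:16])[0]
    opts, kinds, i = tcp[20:(tcp[12] >> 4) * 4], [], 0
    while i < len(opts) and opts[i] != 0:       # kind 0 = end of option list
        kinds.append(opts[i])
        if opts[i] == 1:                        # NOP is a single byte
            i += 1
        elif i + 1 < len(opts) and opts[i + 1] >= 2:
            i += opts[i + 1]                    # skip kind, length and value
        else:
            break                               # malformed option, stop parsing
    # The observed TTL has been decremented per hop; round up to the sender's default.
    initial_ttl = next(t for t in INITIAL_TTLS if pkt[8] <= t)
    return (initial_ttl, df, window, tuple(kinds))

def compare(suspect: bytes, reference: bytes) -> str:
    """'mismatch' suggests spoofing; equal fingerprints prove nothing (same-OS drawback)."""
    same = passive_fingerprint(suspect) == passive_fingerprint(reference)
    return "inconclusive" if same else "mismatch"

def build_syn(ttl, df, window, options: bytes) -> bytes:
    """Constructed sample SYN claiming source 198.51.100.7 (checksums left at zero)."""
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0, 0x4000 if df else 0,
                     ttl, 6, 0, bytes([198, 51, 100, 7]), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, (tcp_len // 4) << 4, 0x02, window, 0, 0)
    return ip + tcp + options

# Constructed option layouts: MSS,SACK-perm,Timestamp,NOP,WScale vs MSS,NOP,WScale,NOP,NOP,SACK-perm
OPTS_A = bytes([2, 4, 5, 0xB4, 4, 2, 8, 10, 0, 0, 0, 0, 0, 0, 0, 0, 1, 3, 3, 7])
OPTS_B = bytes([2, 4, 5, 0xB4, 1, 3, 3, 8, 1, 1, 4, 2])
REFERENCE = build_syn(115, True, 8192, OPTS_B)    # known-genuine packet from the real host
SUSPECT = build_syn(52, True, 29200, OPTS_A)      # flood packet claiming the same source
SAME_OS = build_syn(109, True, 8192, OPTS_B)      # sender running the same OS as the host

if __name__ == "__main__":
    print(compare(SUSPECT, REFERENCE), compare(SAME_OS, REFERENCE))
```

The "inconclusive" result is the second drawback from the message: a matching fingerprint does not show that the packet is genuine.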