Penetration Testing mailing list archives
RE: DoS/DDoS Attack
From: "rzaluski" <rzaluski () ivolution ca>
Date: Sat, 15 Jan 2005 11:32:47 -0500
Speaking of DoS. Does anyone have a compiled list of commercial and open source products that do stop DoS attacks? Or at least mitigate them to some extent? Richard Zaluski CISO, Security and Infrastructure Services iVolution Technologies Incorporated 905.309.1911 866.601.4678 905.524.8450 (Pager) www.ivolution.ca rzaluski () ivolution ca Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D ======================================================================= CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender. Any unauthorized review, use, disclosure, or distribution is prohibited. ======================================================================= -----Original Message----- From: Gregory D. McPhee [mailto:greg () mcpheecomm com] Sent: Friday, January 14, 2005 6:50 PM To: Faisal Khan; pen-test () securityfocus com Subject: RE: DoS/DDoS Attack Faisal: Stopping a good DDOS attack isn't easy, but there are good products out there that are designed to do just that. However, there are a lot of products that claim to have 'DDOS' protection, but they really just offer some form of connection based rate limiting or limited "proxy on" service. Some products have added the label for marketing reasons, but don't really have anything. The only device I've seen that really protects against this is the Top Layer IPS 5500. Other IPS products have good content-filtering and signature libraries, but you didn't ask for that. Greg... -----Original Message----- From: Faisal Khan [mailto:faisal () netxs com pk] Sent: Friday, January 14, 2005 1:06 AM To: pen-test () securityfocus com Subject: DoS/DDoS Attack Folks, Two quick questions. When IP (Source) addresses are spoofed, is there no way of determining (a) that the IP Source Addresses is spoofed and not the genuine one (b) to be able to determine the actual IP address that is sending DoS packets? Somehow I get the feeling I'm SOL when trying to find out the "genuine/actual" source IP address. If this is the case, then pretty much we all are helpless with DoS/DDoS attacks - considering one can write a script/program to keep incrementing or randomly assigning spoofed source addresses in the DoS packets being sent out. Faisal Faisal Khan, CEO Net Access Communication Systems (Private) Limited ________________________________ Network Security - Secure Web Hosting Managed Internet Services - Secure Email Dedicated Servers - Reseller Hosting Visit www.netxs.com.pk for more information.
Attachment:
rzaluski@ivolution.ca (rzaluski@ivolution.ca).vcf
Description:
Current thread:
- RE: DoS/DDoS Attack Wallisch, Philip (Jan 14)
- Re: DoS/DDoS Attack Kevin Willock (IGSN Security) (Jan 14)
- <Possible follow-ups>
- RE: DoS/DDoS Attack Josh Walkson (Jan 15)
- RE: DoS/DDoS Attack Gregory D. McPhee (Jan 15)
- RE: DoS/DDoS Attack rzaluski (Jan 17)
- RE: DoS/DDoS Attack FXCM - Brandon Palmer (Jan 17)