Re: DDos syn attack

[Avleen Vig <lists-nanog () silverwraith com>]

On Mon, 30 Dec 2002, Chris Wedgwood wrote:

> maybe this could help find the attacking nwtwork?  assuming people are
> using local DNS servers?
> under attack you could sporadically 'lie' about the result... and log
> to whom you lied to... all the time looking for changes in the DDoS
> target
> a fair amount work perhaps...

This would be nice. Sort of like using different email addresses for each
site you hand them to and watching to see where the spam comes in from :-)

Tracing back an IP from bind logs to see which name servers looked up an
attacked address immediately before the attack started. This at leads to
the offender's ISP which is a good start.