Penetration Testing mailing list archives

RE: DoS/DDoS Attack

From: "Wallisch, Philip" <Philip.Wallisch () neustar biz>
Date: Fri, 14 Jan 2005 11:23:20 -0500

I wouldn't say "no way of determining".  Check out http://www.riverhead.com/

Through the use of baselines and complicated algorithms you can scrub at least some of that traffic.

-----Original Message-----
From: Faisal Khan [mailto:faisal () netxs com pk]
Sent: Friday, January 14, 2005 1:06 AM
To: pen-test () securityfocus com
Subject: DoS/DDoS Attack

Folks,

Two quick questions.

When IP (Source) addresses are spoofed, is there no way of determining (a) 
that the IP Source Addresses is spoofed and not the genuine one (b) to be 
able to determine the actual IP address that is sending DoS packets?

Somehow I get the feeling I'm SOL when trying to find out the 
"genuine/actual" source IP address.

If this is the case, then pretty much we all are helpless with DoS/DDoS 
attacks - considering one can write a script/program to keep incrementing 
or randomly assigning spoofed source addresses in the DoS packets being 
sent out.

Faisal

Faisal Khan,  CEO
Net Access Communication
Systems (Private) Limited
________________________________

Network Security - Secure Web Hosting
Managed Internet Services - Secure Email
Dedicated Servers - Reseller Hosting

Visit www.netxs.com.pk for more information.

Current thread:

RE: DoS/DDoS Attack Wallisch, Philip (Jan 14)
- Re: DoS/DDoS Attack Kevin Willock (IGSN Security) (Jan 14)
- <Possible follow-ups>
- RE: DoS/DDoS Attack Josh Walkson (Jan 15)
- RE: DoS/DDoS Attack Gregory D. McPhee (Jan 15)
  - RE: DoS/DDoS Attack rzaluski (Jan 17)
- RE: DoS/DDoS Attack FXCM - Brandon Palmer (Jan 17)