RE: DoS/DDoS Attack

["rzaluski" <rzaluski () ivolution ca>]

Speaking of DoS.

Does anyone have a compiled list of commercial and open source products that
do stop DoS attacks? Or at least mitigate them to some extent?

Richard Zaluski
CISO, Security and Infrastructure Services 
iVolution  Technologies Incorporated
905.309.1911
866.601.4678
905.524.8450 (Pager)
www.ivolution.ca
rzaluski () ivolution ca
 
Key fingerprint = DB39 7FC3 1F5D AD94 85DD  78B0 774D
 
=======================================================================
CONFIDENTIALITY NOTICE: This email message, including any 
attachments, is for the sole use of the intended recipient(s) and may 
contain confidential and privileged information. If you are not the 
intended recipient, please contact the sender. Any unauthorized review, 
use, disclosure, or distribution is prohibited.
=======================================================================
-----Original Message-----
From: Gregory D. McPhee [mailto:greg () mcpheecomm com] 
Sent: Friday, January 14, 2005 6:50 PM
To: Faisal Khan; pen-test () securityfocus com
Subject: RE: DoS/DDoS Attack


Faisal:

Stopping a good DDOS attack isn't easy, but there are good products out
there that are designed to do just that.  However, there are a lot of
products that claim to have 'DDOS' protection, but they really just
offer some form of connection based rate limiting or limited "proxy on"
service.  Some products have added the label for marketing reasons, but
don't really have anything.

The only device I've seen that really protects against this is the Top
Layer IPS 5500.  Other IPS products have good content-filtering and
signature libraries, but you didn't ask for that.

Greg... 


-----Original Message-----
From: Faisal Khan [mailto:faisal () netxs com pk] 
Sent: Friday, January 14, 2005 1:06 AM
To: pen-test () securityfocus com
Subject: DoS/DDoS Attack



Folks,

Two quick questions.

When IP (Source) addresses are spoofed, is there no way of determining
(a) 
that the IP Source Addresses is spoofed and not the genuine one (b) to
be 
able to determine the actual IP address that is sending DoS packets?

Somehow I get the feeling I'm SOL when trying to find out the 
"genuine/actual" source IP address.

If this is the case, then pretty much we all are helpless with DoS/DDoS 
attacks - considering one can write a script/program to keep
incrementing 
or randomly assigning spoofed source addresses in the DoS packets being 
sent out.

Faisal





Faisal Khan,  CEO
Net Access Communication
Systems (Private) Limited
________________________________

Network Security - Secure Web Hosting
Managed Internet Services - Secure Email
Dedicated Servers - Reseller Hosting

Visit www.netxs.com.pk for more information.

Attachment: rzaluski@ivolution.ca (rzaluski@ivolution.ca).vcf
Description: