Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DoS/DDoS Attack

from [Rainer Duffner] Network Security [Permanent Link]
Subject: Re: DoS/DDoS Attack
Date: Fri, 14 Jan 2005 18:44:16 +0100 
Faisal Khan wrote:



Folks,

Two quick questions.

When IP (Source) addresses are spoofed, is there no way of determining (a) that the IP Source Addresses is spoofed and not the genuine one (b) to be able to determine the actual IP address that is sending DoS packets?

Somehow I get the feeling I'm SOL when trying to find out the "genuine/actual" source IP address.



I think the problem is that nowadays, it's not one (1!) IP, but possibly thousands of zombies - commanded by master-servers that don't directly attack you and thus are invisible to you.
Trying to trace them is probably an exercise in futility.


If this is the case, then pretty much we all are helpless with DoS/DDoS attacks - considering one can write a script/program to keep incrementing or randomly assigning spoofed source addresses in the DoS packets being sent out.


I haven't looked into this for some time, but last time I heard about this, someone said that the ISP must trace through which interface/router/linecard the packets actually come through - and then ask his upstream to do the same (and so on).
But perhaps, there's a more clever alternative these days.



cheers,
Rainer

--
===================================================
~     Rainer Duffner - rainer@ultra-secure.de     ~
~           Freising - Munich - Germany           ~
~    Unix - Linux - BSD - OpenSource - Security   ~
~  http://www.ultra-secure.de/~rainer/pubkey.pgp  ~
===================================================

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DoS/DDoS Attack, Peter Van Epp
Next by Date:  Re: Discovering users by RCPT TO, dmz
Previous by Thread:  Re: DoS/DDoS Attack, Peter Van Epp
Next by Thread:  RE: Windows based DoS Tools?, Jerry Shenk
Indexes:  [Date] [Thread] [Top] [All Lists]