Network Security Pen-Test

Re: DoS/DDoS Attack

Subject: Re: DoS/DDoS Attack
Date: Thu, 10 Feb 2005 10:37:57 -0300
Hi folks,

When IP (Source) addresses are spoofed, is there no way of determining (a)
that the IP Source Address is spoofed and not the genuine one

Maybe one could inspect the spoofed packet and fingerprint the OS,
then fingerprint the machine that really hosts the IP source address
received.

You could infer the IP was spoofed if the fingerprintings are
different. Drawbacks:
- DHCP hosts
- Attacking host OS = Real Host OS (IP Source Address)
- Is it useful anyway? The point is: I presume it is not "completely"
impossible to discover that we are dealing with a spoofed address.

If this is the case, then pretty much we all are helpless with DoS/DDoS
attacks - considering one can write a script/program to keep incrementing
or randomly assigning spoofed source addresses in the DoS packets being
sent out.

There are some techniques like IP Traceback and Backscattering that
can prevent and trace back DoS/DDoS attacks, although they require
major changes in protocols.

Regards,

Demetrio Carrión
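
Added example (not part of the original message): a sketch of the fingerprint comparison suggested above, for a defender triaging suspect traffic. The field choice, the `sample` helper and both packets are assumptions constructed for illustration; a "mismatch" can also come from a DHCP reassignment, and a match stays inconclusive when both hosts run the same OS.

```python
import struct
from typing import NamedTuple

class Fingerprint(NamedTuple):
    initial_ttl: int      # observed TTL rounded up to a common initial value
    dont_fragment: bool
    tcp_flags: int
    window: int
    options: tuple        # TCP option kinds, in order of appearance

def fingerprint(pkt: bytes) -> Fingerprint:
    """Coarse passive OS fingerprint of a raw IPv4+TCP packet."""
    if len(pkt) < 20 or (pkt[0] >> 4) != 4 or (pkt[0] & 0x0F) < 5 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    frag, ttl = struct.unpack_from("!HB", pkt, 6)
    tcp = pkt[(pkt[0] & 0x0F) * 4:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    end, i, kinds = min((tcp[12] >> 4) * 4, len(tcp)), 20, []
    while i < end:
        kinds.append(tcp[i])
        if tcp[i] == 1:                                   # NOP has no length byte
            i += 1
        elif tcp[i] and i + 1 < end and tcp[i + 1] >= 2:
            i += tcp[i + 1]
        else:                                             # end-of-list or malformed
            break
    initial = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return Fingerprint(initial, bool(frag & 0x4000), tcp[13],
                       struct.unpack_from("!H", tcp, 14)[0], tuple(kinds))

def spoof_verdict(suspect: bytes, reference: bytes):
    """Compare a suspect packet with one known to come from the real host."""
    s, r = fingerprint(suspect), fingerprint(reference)
    # Window and options are only comparable between packets of the same type.
    fields = s._fields if s.tcp_flags == r.tcp_flags else ("initial_ttl", "dont_fragment")
    diff = [f for f in fields if getattr(s, f) != getattr(r, f)]
    # No difference proves nothing: attacker and real host may run the same OS.
    return ("mismatch", diff) if diff else ("inconclusive", diff)

def sample(ttl, flags, window, opts, df=True):
    """Build a constructed sample packet (documentation addresses, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, ((20 + len(opts)) // 4) << 4,
                      flags, window, 0, 0) + opts
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000 if df else 0,
                       ttl, 6, 0, bytes([198, 51, 100, 7]), bytes([192, 0, 2, 1])) + tcp

# Constructed inputs: a SYN claiming 198.51.100.7, and a SYN seen from the real host.
SUSPECT = sample(57, 0x02, 29200, bytes.fromhex("020405b40402080a000000010000000001030307"))
REAL_HOST = sample(121, 0x02, 8192, bytes.fromhex("020405b40103030801010402"))

if __name__ == "__main__":
    print(spoof_verdict(SUSPECT, REAL_HOST))
```

When the reference is a probe reply such as a SYN-ACK, only the initial TTL and the DF bit are compared, because window size and option layout differ between a SYN and its reply even on one host.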
