RE: DoS/DDoS Attack

From: Gregory D. McPhee (greg_at_mcpheecomm.com)
Date: 01/15/05

    Date: Fri, 14 Jan 2005 18:50:00 -0500
    To: "Faisal Khan" <faisal@netxs.com.pk>, <pen-test@securityfocus.com>
    
    

    Faisal:

    Stopping a good DDOS attack isn't easy, but there are good products out
    there that are designed to do just that. However, there are a lot of
    products that claim to have 'DDOS' protection, but they really just
    offer some form of connection based rate limiting or limited "proxy on"
    service. Some products have added the label for marketing reasons, but
    don't really have anything.

    The only device I've seen that really protects against this is the Top
    Layer IPS 5500. Other IPS products have good content-filtering and
    signature libraries, but you didn't ask for that.

    Greg...

    -----Original Message-----
    From: Faisal Khan [mailto:faisal@netxs.com.pk]
    Sent: Friday, January 14, 2005 1:06 AM
    To: pen-test@securityfocus.com
    Subject: DoS/DDoS Attack

    Folks,

    Two quick questions.

    When IP (Source) addresses are spoofed, is there no way of determining
    (a) that the IP Source Address is spoofed and not the genuine one (b) to
    be able to determine the actual IP address that is sending DoS packets?

    Somehow I get the feeling I'm SOL when trying to find out the
    "genuine/actual" source IP address.

    If this is the case, then pretty much we all are helpless with DoS/DDoS
    attacks - considering one can write a script/program to keep incrementing
    or randomly assigning spoofed source addresses in the DoS packets being
    sent out.

    Faisal

    Faisal Khan, CEO
    Net Access Communication
    Systems (Private) Limited
    ________________________________

    Network Security - Secure Web Hosting
    Managed Internet Services - Secure Email
    Dedicated Servers - Reseller Hosting

    Visit www.netxs.com.pk for more information.

