RE: DoS/DDoS Attack
From: Gregory D. McPhee (greg_at_mcpheecomm.com)
Date: Fri, 14 Jan 2005 18:50:00 -0500 To: "Faisal Khan" <firstname.lastname@example.org>, <email@example.com>
Stopping a good DDOS attack isn't easy, but there are good products out
there that are designed to do just that. However, there are a lot of
products that claim to have 'DDOS' protection, but they really just
offer some form of connection based rate limiting or limited "proxy on"
service. Some products have added the label for marketing reasons, but
don't really have anything.
The only device I've seen that really protects against this is the Top
Layer IPS 5500. Other IPS products have good content-filtering and
signature libraries, but you didn't ask for that.
From: Faisal Khan [mailto:firstname.lastname@example.org]
Sent: Friday, January 14, 2005 1:06 AM
Subject: DoS/DDoS Attack
Two quick questions.
When IP (Source) addresses are spoofed, is there no way of determining
that the IP Source Addresses is spoofed and not the genuine one (b) to
able to determine the actual IP address that is sending DoS packets?
Somehow I get the feeling I'm SOL when trying to find out the
"genuine/actual" source IP address.
If this is the case, then pretty much we all are helpless with DoS/DDoS
attacks - considering one can write a script/program to keep
or randomly assigning spoofed source addresses in the DoS packets being
Faisal Khan, CEO
Net Access Communication
Systems (Private) Limited
Network Security - Secure Web Hosting
Managed Internet Services - Secure Email
Dedicated Servers - Reseller Hosting
Visit www.netxs.com.pk for more information.