RE: DoS/DDoS Attack

["Gregory D. McPhee" <greg () mcpheecomm com>]

Faisal:

Stopping a good DDOS attack isn't easy, but there are good products out
there that are designed to do just that.  However, there are a lot of
products that claim to have 'DDOS' protection, but they really just
offer some form of connection based rate limiting or limited "proxy on"
service.  Some products have added the label for marketing reasons, but
don't really have anything.

The only device I've seen that really protects against this is the Top
Layer IPS 5500.  Other IPS products have good content-filtering and
signature libraries, but you didn't ask for that.

Greg... 


-----Original Message-----
From: Faisal Khan [mailto:faisal () netxs com pk] 
Sent: Friday, January 14, 2005 1:06 AM
To: pen-test () securityfocus com
Subject: DoS/DDoS Attack



Folks,

Two quick questions.

When IP (Source) addresses are spoofed, is there no way of determining
(a) 
that the IP Source Addresses is spoofed and not the genuine one (b) to
be 
able to determine the actual IP address that is sending DoS packets?

Somehow I get the feeling I'm SOL when trying to find out the 
"genuine/actual" source IP address.

If this is the case, then pretty much we all are helpless with DoS/DDoS 
attacks - considering one can write a script/program to keep
incrementing 
or randomly assigning spoofed source addresses in the DoS packets being 
sent out.

Faisal





Faisal Khan,  CEO
Net Access Communication
Systems (Private) Limited
________________________________

Network Security - Secure Web Hosting
Managed Internet Services - Secure Email
Dedicated Servers - Reseller Hosting

Visit www.netxs.com.pk for more information.