17 Sep
1996
17 Sep
'96
3:45 p.m.
From my expirience: There is one (not very complex) additional way to determine the real source of attack - DNS. If you configure DNS servers (you and secondaries also) to write log of requests and after that change your server IP address, you can fix the time then attacker change address to new. Manual analize of logs can very limit the number of potential attackers - look at the time of requests. - Leonid Yegoshin, LY22