John, What would be the point of spoofing the source IPs to be identical? You're just making the attack trivial to block. Plus you could never do any kind of TCP session attack, since you can't complete a handshake. I would have to call this sort of attack a LAAADDoS (Lame Attempt At A DDoS). :) -mel beckman On Aug 2, 2015, at 10:11 PM, John Levine <johnl@iecc.com> wrote:
DDoS = multiple IPs
DoS = single IP
It seems most people colloquially use DDoS for both, and reserve DoS for magic-packet blocking exploits like the latest BIND CVE, FYI.
Given how easy it still is to put a fake source address in an IP packet, it seems optimistic to assume that just because the packets all have the same return address, they're actually coming from the same place.
R's, John