On Oct 12, 2004, at 12:50 PM, Bora Akyol wrote:
2.3. For a DDoS attack to succeed more than once, the launch points must remain anonymous. Therefore, forged IP source addresses are used. From the victim's point of view, a DDoS attack seems to come from everywhere at once, even from many IP addresses that are unallocated or otherwise invalid.
How many people have seen "forged" spoofed IP addresses being used for DOS attacks lately?
<raises hand> Not saying that I have not see non-forged DoS attacks too, or even which is more common, just saying they exist, are happening today, and cause non-trivial problems for some providers. From my _personal_ experience (not my company, not a scientific sampling), it appears non-spoofed sources are a bigger problem. But ignoring spoofed sources would be a mistake, IMHO. -- TTFN, patrick