Having researched this in depth after reading a rather cursory article on the topic (http://grc.com/dos/drdos.htm), only two main methods come to my mind to protect against it.
There are a few more methods, some have already mentioned including something called pushback. Very few solutions, particularly elegant ones, are widely deployed today.
At some point, sophisticated (or even not so sophisticated) DoS attacks can be hard to distinguish from valid traffic, particularly if widely distributed and traffic is as valid looking as any other bit of traffic.
I have been thinking about this for a while due to a number of reasons. But if we look at the source of the attacks and the effects of the attacks, I would draw the conclusions that
a) Unless we fix the "end-system" faults that are used for exploits, the only way that will scale to handle attacks is simply to make the victims redundant so that you can lose one and lose service for some customers so that you can provide service for the remaining customers.
b) In the short to medium term, the only strategy that will work is to sacrifice some parts of your service (or host, or customers - depending on your role and the type of attack / victim).
Even with the pushback model, the ordinary users will lose to some extent. So what would be needed would be a model where the loss of bandwidth for end-users is projected to the revenue numbers of the service being attacked. Right?
is a practical solution to an attack of this kind, what prevents its implementation? Lack of awareness, or other?
It is still fairly new and not widely deployed. Routers need not only to support it, but also have to be enabled to use it. It is a fairly significant change to the way congestion control is currently done in the Internet and it will take some time before penetration occurs.
Well, you also need to find another "way" (or buffer, or slowdown) to send the traffic, which in a way also is a successful attack.
to launch attacks. Eventually it all boils down to a physical security problem. Pricing models can be used to make it expensive
With physical security I would assume actual physical access to the system. Anything else to me is "logical" or "system" security. Correct?
- kurtis -