1 Jan
2003
1 Jan
'03
10:30 p.m.
On Mon, 30 Dec 2002, Chris Wedgwood wrote:
maybe this could help find the attacking nwtwork? assuming people are using local DNS servers? under attack you could sporadically 'lie' about the result... and log to whom you lied to... all the time looking for changes in the DDoS target a fair amount work perhaps...
This would be nice. Sort of like using different email addresses for each site you hand them to and watching to see where the spam comes in from :-) Tracing back an IP from bind logs to see which name servers looked up an attacked address immediately before the attack started. This at leads to the offender's ISP which is a good start.