Date:      Thu, 6 Dec 2001 11:00:26 -0800 (PST)
From:      "f.johan.beisser" <jan@caustic.org>
To:        Ronan Lucio <ronan@melim.com.br>
Cc:        <security@FreeBSD.ORG>
Subject:   Re: Attacks DDoS
Message-ID:  <20011206105611.J16958-100000@localhost>
In-Reply-To: <045101c17e87$7c9922e0$2aa8a8c0@melim.com.br>

On Thu, 6 Dec 2001, Ronan Lucio wrote:

> Hi All,
>
> Does anybody know if there is a way to find out where a DDoS attack
> comes from?

yes. you can start by analysing the incoming packets, and start contacting
the owners of that network. the problem is that this can lead to several
hundred contacts, over a very large number of networks and contacts.

assuming they co-operate, they can then track down who's issuing the
commands to the various zombie/slave machines.

sadly, outside of this, there's not much you can do about a DDoS,
considering the first D stands for distributed.. it's designed to be hard
to track down, and hard to stop.

 -------/ f. johan beisser /--------------------------------------+
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche
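
An added example, not part of the original message: one way to do the first step described in the reply, grouping the source addresses of captured packets by network so the list of owners to contact is ranked by how much traffic each network sent. The /24 grouping, the `tcpdump -n`-style line format and the sample capture are assumptions made for this example; real allocation boundaries and contacts come from a whois lookup on each network.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in `tcpdump -n` style, using documentation address ranges.
SAMPLE_CAPTURE = """\
11:00:01.000101 IP 198.51.100.7.4021 > 192.0.2.10.80: Flags [S], seq 1, win 512, length 0
11:00:01.000150 IP 198.51.100.7.4022 > 192.0.2.10.80: Flags [S], seq 2, win 512, length 0
11:00:01.000204 IP 198.51.100.9.1033 > 192.0.2.10.80: Flags [S], seq 3, win 512, length 0
11:00:01.000260 IP 198.51.100.200.53 > 192.0.2.10.80: Flags [S], seq 4, win 512, length 0
11:00:01.000311 IP 203.0.113.5 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
11:00:01.000365 IP 203.0.113.5 > 192.0.2.10: ICMP echo request, id 1, seq 2, length 64
11:00:01.000412 IP 203.0.113.77 > 192.0.2.10: ICMP echo request, id 9, seq 1, length 64
11:00:01.000470 ARP, Request who-has 192.0.2.10 tell 192.0.2.1, length 28
"""

# Source address, followed by an optional ".port", then " > ".
SRC_RE = re.compile(r"\bIP (\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)? > ")


def sources_by_network(capture_text, prefix_len=24):
    """Return [(network, packets, distinct_hosts)], busiest network first."""
    packets = defaultdict(int)
    hosts = defaultdict(set)
    for line in capture_text.splitlines():
        match = SRC_RE.search(line)
        if not match:
            continue  # non-IPv4 line (ARP, truncated output, ...)
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # octet out of range, e.g. 999.1.1.1
        # Assumption: a fixed prefix length stands in for the real allocation.
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        packets[net] += 1
        hosts[net].add(addr)
    # Sort by packet count, ties broken by network address for stable output.
    ranked = sorted(packets, key=lambda n: (-packets[n], int(n.network_address)))
    return [(str(n), packets[n], len(hosts[n])) for n in ranked]


if __name__ == "__main__":
    for network, count, host_count in sources_by_network(SAMPLE_CAPTURE):
        print(f"{network:<20} packets={count:<4} hosts={host_count}")
```
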