GoDaddy : DDoS : : Contact
Roland Dobbins
rdobbins at arbor.net
Mon Aug 3 12:51:23 UTC 2015
On 3 Aug 2015, at 19:40, Mel Beckman wrote:
> What would be the point of spoofing the source IPs to be identical?
> You're just making the attack trivial to block.
Attackers do strange things all the time.
Most endpoint organizations don't have any way to detect/classify DDoS
traffic, so they've no idea how to block it.
Plus, it can asymmetrically strain load-balanced server instances,
links, et. al.
Most DDoS attacks don't involve TCP and 3-way handshakes. That isn't to
say they aren't common, but one oughtn't to assume that having the
ability to do so is a prerequisite for an attacker.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the NANOG
mailing list