GoDaddy : DDoS : : Contact

Roland Dobbins rdobbins at arbor.net
Mon Aug 3 12:51:23 UTC 2015


On 3 Aug 2015, at 19:40, Mel Beckman wrote:

> What would be the point of spoofing the source IPs to be identical? 
> You're just making the attack trivial to block.

Attackers do strange things all the time.

Most endpoint organizations don't have any way to detect/classify DDoS 
traffic, so they've no idea how to block it.

Plus, it can asymmetrically strain load-balanced server instances, 
links, et. al.

Most DDoS attacks don't involve TCP and 3-way handshakes.  That isn't to 
say they aren't common, but one oughtn't to assume that having the 
ability to do so is a prerequisite for an attacker.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>



More information about the NANOG mailing list