I saw this article on a site yesterday, the entire thing can be found at http://www.innu.org/~sean/articles/unspoofing.txt. Perhaps it is of some intrest: The amount and frequency of denial of service attacks are escalating. It's becoming harder to track down the source who initiates them due to trace-evasion techniques. A raw interface to the networking stack allows anyone to send spoofed packets to a target host, eliminating the ability of its administrator to determine the origin of the attack. In today's world of e-commerce and globalization, the attacks and the inability to determine their source can be devastating. It gives small companies a bad name, and destroys the good reputations of larger companies. The ability to track down the source that uses spoofing techniques will certainly increase the chance to catch those attacking, and will force people to think of more intricate ways to attack servers on the net. This paper describes a few ways to track down these types of attacks up to the last link in the chain (the attacker himself), or at least his ISP. Eric Prince ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 18 2002 - 06:39:57 PDT