in order to figure out wether the source addresses are spoofed, just look at the ttl of the incoming packets, -even if they are different- trigger the box at the other end to send you a packet (icmp echo-reply, tcp reject, something like that), and then ofcourse the ttl on the packet you made it send by your self, should be more or less the same as the ttl on the incoming packets from that host.

(as usually, the source ip is spoofed)…

if the source ip is -not- spoofed… the procedure is quite simple, you pick up the phone and you call the noc of the originating networks and tell them to fix the issue :P

denialofservice.txt · Last modified: 2011/12/01 02:39 by greebo
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready