Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
LordDominator2022-04-02 16:45:40
DDoS Protection
LordDominator, 2022-04-02 16:45:40

How to identify the initiator of a spoofed DDoS attack?

Tell me, please, is it possible to somehow calculate the real initiator of a DDoS attack if it replaces the sender's ip (for example, Spoofed SYN Flood)?
Maybe by meta-information from packet headers?
That is, can we say that these two packets passed through the same network or router, which means that with a high probability they were initiated by one botnet?
There are articles about Packet Marking, but it's not very clear how it works.
It turns out that each router must leave its own label in the packet, but how should providers implement this?
Thank you!

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
R
Romeo558, 2022-04-02
@Romeo558

If an attacker uses a botnet to attack, then this is almost impossible. Using SSYNF, an attacker replaces his IP in the same way as a heaped VPN would do. As for me and my experience with networks, I believe that this is possible, but very difficult.

Similar questions
F
freakyfake2014-07-31 09:57:10
How to protect yourself from Ddos in the least expensive way? 8Reply
V
Vladimir Revyakin2016-09-22 20:42:47
SYN flood attack how to deal with? 0Reply
A
Andrey2019-02-21 15:49:22
How to protect the site from this kind of ddos? 3Reply
A
AttempGame2019-03-23 00:10:25
Has anyone ever practiced DDoS protection by filtering traffic? 6Reply
X
Xisp2014-12-01 16:07:29
How can you protect yourself from DDOS through TOR? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question