DDoS Protection
LordDominator, 2022-04-02 16:45:40

How to identify the initiator of a spoofed DDoS attack?

Tell me, please, is it possible to somehow calculate the real initiator of a DDoS attack if it replaces the sender's IP (for example, Spoofed SYN Flood)?
Maybe by meta-information from packet headers?
That is, can we say that these two packets passed through the same network or router, which means that with a high probability they were initiated by one botnet?
There are articles about Packet Marking, but it's not very clear how it works.
It turns out that each router must leave its own label in the packet, but how should providers implement this?
Thank you!


1 answer(s)
Romeo558, 2022-04-02
@Romeo558

If an attacker uses a botnet to attack, then this is almost impossible. Using SSYNF, an attacker replaces his IP in the same way as a heaped VPN would do. As for me and my experience with networks, I believe that this is possible, but very difficult.
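
The packet marking idea raised in the question, sketched as a simulation of probabilistic edge-sampling marking; this is an added example, not part of the original thread. The router names, the marking probability and the forged mark values are constructed for illustration.

```python
import random
from collections import Counter

MARK_PROB = 0.04  # per-router marking probability p (assumed value)

def forward(path, pkt, rng):
    """Carry one packet through `path` (router nearest the attacker first)."""
    for router in path:
        if rng.random() < MARK_PROB:
            pkt["start"], pkt["dist"] = router, 0   # begin a new edge mark
        else:
            if pkt["dist"] == 0:
                pkt["end"] = router                 # complete the edge
            pkt["dist"] += 1                        # hops since the mark
    return pkt

def reconstruct(packets):
    """Victim side: most frequent (start, end) edge seen at each distance."""
    votes = {}
    for p in packets:
        end = p["end"] if p["dist"] > 0 else "victim"
        votes.setdefault(p["dist"], Counter())[(p["start"], end)] += 1
    return {d: c.most_common(1)[0][0] for d, c in sorted(votes.items())}

def simulate(n_packets=20000, seed=1):
    rng = random.Random(seed)
    path = ["R1", "R2", "R3", "R4", "R5"]           # constructed topology
    packets = []
    for _ in range(n_packets):
        # Constructed flood packet: random spoofed source, and mark fields
        # pre-filled by the sender to try to mislead the traceback.
        pkt = {"src": "10.%d.%d.%d" % tuple(rng.randrange(1, 255) for _ in range(3)),
               "start": "FORGED", "end": "FORGED", "dist": 0}
        packets.append(forward(path, pkt, rng))
    return path, reconstruct(packets)

if __name__ == "__main__":
    path, edges = simulate()
    for dist, (start, end) in edges.items():
        print(dist, start, "->", end)
    # Distances 0..len(path)-1 come from real routers. Packets no router marked
    # arrive with distance >= len(path), so forged marks can only add fake hops
    # beyond the true path, never replace the hops nearest the victim.
```

The source address never enters the reconstruction, which is why spoofing it does not defeat the scheme; the cost is that the routers along the path have to take part in marking.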
