|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DDos syn attack
On Mon, 30 Dec 2002, Chris Wedgwood wrote: > maybe this could help find the attacking nwtwork? assuming people are > using local DNS servers? > under attack you could sporadically 'lie' about the result... and log > to whom you lied to... all the time looking for changes in the DDoS > target > a fair amount work perhaps... This would be nice. Sort of like using different email addresses for each site you hand them to and watching to see where the spam comes in from :-) Tracing back an IP from bind logs to see which name servers looked up an attacked address immediately before the attack started. This at leads to the offender's ISP which is a good start.
|