At 09:20 AM 1/28/2011, Emil Larsson wrote:
> Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It
> would make it a bit easier to block IPs since a handshake will fail if a
> spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and lack
> of packet caching/priority.

Errr.. You can spoof most of IP, just not the handshakes. That's why synfloods mutilate servers, because of their sheer PPS. Most ISPs don't use BCP38, so it's easier for source-routed IPs to leave their network. Bottom line is you cannot protect yourself against DDOS. Only thing you can do is hope you have more transit than the attackers.

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
