On Tue, 12 Oct 2004, Bora Akyol wrote:
> Excerpt from the text quoted above: > > 2.3. For a DDoS attack to succeed more than once, the launch points must > remain anonymous. Therefore, forged IP source addresses are used. From > the victim's point of view, a DDoS attack seems to come from everywhere > at once, even from many IP addresses that are unallocated or otherwise > invalid. > > How many people have seen "forged" spoofed IP addresses being used > for DOS attacks lately? it does still happen... I've not run the numbers for our reactions to say '50% spoofed/50% non-spoofed' but it certainly seems like 'more' are non-spoofed lately. This could be a simple swing of the pendulum, or other 'better' things like more people egress filtering. -Chris
