Kappea Posted July 24, 2010 Share Posted July 24, 2010 Here's a question for you guys... If a person's DNS server is being used as part of a Distributed Reflected Denial of Service attack (DRDOS), is there any way to determine the real IP address where the DNS requests are coming from? Quote Link to comment Share on other sites More sharing options...
Sparda Posted July 24, 2010 Share Posted July 24, 2010 Technically yes but actually no. You would have to monitor every router on the internet and determine which router got the spoofed packet first assuming that the first router it came from is not the same router that the legitimate source is on. However, this is not possible because it is impossible to monitor at that level of detail within a single ISP let alone the whole internet. Quote Link to comment Share on other sites More sharing options...
Kappea Posted July 24, 2010 Author Share Posted July 24, 2010 I understand. I thought there would be a practical way to do it, but I suppose not. Thank you for your help! Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 25, 2010 Share Posted July 25, 2010 @Kapeea, I would recommend you reading this article. http://www.esecurityplanet.com/features/ar...DoS-Attacks.htm Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.