Ethereal-users: [Ethereal-users] RE: Spoofed packets...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Berry, Richard" <BerryR@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 10 Sep 2001 09:17:11 -0500
Actually, there is no practical way to trace those packets. A spoofed attack
generally doesn’t care about return packets; it’s primarily a blind attack.
It’s usually a denial-of-service (DOS) attack intended to bring down a site.
The attacker isn’t looking for “legal (that is, the normal packet-then-ack
traffic)” traffic. They’re simply interested in killing a resource/site.

Theoretically, if the attack was continuing, one could talk to each carrier,
who might be able to tell where it’s coming from, but that’s certainly not
feasible in real life.

Richard Berry
LAN Engineer-Principal
"Si hoc legere scis numium eruditionis habes."