Hi Zach,

Stefan Savage has developed a method which would allow a site under a DDOS attack to track down the attackers even if they are spoofing their IP addresses. This work was on Ars Technica a while ago (see the following links).

This link outlines a basic strategy:
http://arstechnica.com/reviews/2q00/networking/networking-4.html#ddos

This link acknowledges that the basic strategy needs improving on and talks about a slightly more workable solution:
http://arstechnica.com/reviews/2q00/networking/networking-5.html

This is still a long way off and would need to be adopted by companies like Cisco etc. Somehow I don't see that happening anytime soon.

While I'm at it, here's my bit on the XP side of things. IP address spoofing will never become a big problem as ISPs can implement egress filtering. This would mean that you'd always at least know the ISP of the spoofer. The biggest problem will still remain the same - getting ISPs to cooperate with people under attack.

Cheers,
Alex Hague

> Hi Paul,
>
> So are DDoS attacks the biggest security threat out there?
> It seems to be a big problem. Especially for e-commerce and data
> warehousing/management systems where uptime = $$.
> So no one has developed effective countermeasures against
> arbitrary DDoS attacks? I guess if there was a large enough
> concerted attack that some group could even overload an entire
> ISP or an Internet backbone? Do we need laws to give law
> enforcement/ISPs more power to solve this?
>
> SDG,
> Zach
>
> uram@cmu.edu
> "Blessed are those who have not seen and yet have faith." - John 20:29
>
> -
> [To unsubscribe, send mail to majordomo@lists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]
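
Added example, not part of the original post: a small simulation of the egress-filtering argument in the message above, showing which spoofed packets leave an ISP's border and which ISP the victim would infer from the source address. The ISP names, prefixes (documentation ranges) and packets are constructed assumptions.

```python
import ipaddress

# Constructed sample data: two hypothetical ISPs and the prefixes assigned to them.
ISP_PREFIXES = {
    "isp-a": [ipaddress.ip_network("192.0.2.0/24")],
    "isp-b": [ipaddress.ip_network("198.51.100.0/24")],
}

def egress_permits(isp, src):
    """Border rule: forward a packet only if its source is in the ISP's own prefixes."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ISP_PREFIXES[isp])

def attribute_source(src):
    """What the victim can infer: the ISP whose prefix contains the source address."""
    addr = ipaddress.ip_address(src)
    for isp, nets in ISP_PREFIXES.items():
        if any(addr in net for net in nets):
            return isp
    return None

def simulate(packets, filtering_isps):
    """packets: (true origin ISP, claimed source address).
    Returns (origin, source, inferred ISP) for every packet that reaches the victim."""
    delivered = []
    for origin, src in packets:
        if origin in filtering_isps and not egress_permits(origin, src):
            continue  # dropped at the origin ISP's border
        delivered.append((origin, src, attribute_source(src)))
    return delivered

# Constructed packets: (where the packet really came from, source address it claims).
PACKETS = [
    ("isp-a", "192.0.2.10"),    # unspoofed
    ("isp-a", "192.0.2.200"),   # spoofed, but still inside isp-a's space
    ("isp-a", "198.51.100.7"),  # spoofed as an isp-b address
    ("isp-a", "203.0.113.9"),   # spoofed as an address neither ISP owns
    ("isp-b", "192.0.2.55"),    # isp-b host claiming an isp-a address
]

if __name__ == "__main__":
    for label, filtering in [("both filter", {"isp-a", "isp-b"}),
                             ("only isp-a filters", {"isp-a"})]:
        print(label)
        for origin, src, inferred in simulate(PACKETS, filtering):
            print(f"  src={src:<14} inferred={inferred} actual={origin}")
```

When both ISPs filter, every delivered packet is attributed to its true ISP even though one source address is still spoofed within the prefix. When only one filters, the packet from the non-filtering ISP arrives and is attributed to the wrong ISP.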