Sunday, November 20, 2005

A more effective defense against DoS

This is an interesting read about DoS attack -

The ideas behind how to foil DoS attack is pretty interesting. I doubt that its 100% effective. A more effective defense would be instead of dropping zombie's TCP packets, redirect it to the IP address of the zombie's ISP.

This way, when the ISP gets hit, the ISP will take a more active interest and disconnect the zombie PC's internet connection. Maybe then, the ISP will call up the customer owning the zombie PC and tell them to clean up their act.

This way, you cut off the head instead of waiting for the hackers to give up(and hoping your defense will hold up).

No comments: