Came across this article on security-protocols.com in which the author discusses DDoS (Distributed Denial of Service). I was particularly interested since we have been experiencing such attacks on our network recently. Unlike DoS (Denial of Service) attacks where the source of attack can be easily identified and blocked, it is very difficult to identify the source of DDoS attacks. The only way we can stop the attack is by blocking all traffic to the destination of the attack. And this is exactly what the attacking party wants. I don’t see a solution to this in the near future. A good point that the author mentions is that all routers should have ingress and egress filtering configured properly. This in effect allows only authorized networks to originate and terminate at a router, thereby minimizing the ability of an attacker to use a spoofed IP address.
