On 3 Aug 2015, at 19:40, Mel Beckman wrote:
What would be the point of spoofing the source IPs to be identical?
You're just making the attack trivial to block.
Attackers do strange things all the time.
Most endpoint organizations don't have any way to detect/classify DDoS
traffic, so they've no idea how to block it.
Plus, it can asymmetrically strain load-balanced server instances,
links, et. al.
Most DDoS attacks don't involve TCP and 3-way handshakes. That isn't to
say they aren't common, but one oughtn't to assume that having the
ability to do so is a prerequisite for an attacker.
-----------------------------------
Roland Dobbins <rdobb...@arbor.net>
