I wouldn't quite agree with you that "there isnt really anything much one can do" :)
Your ISP can provide several technical measures to minimize the impact of DoS (fragmenting and slowing down all traffic if distributed DoS, blocking (if viable) IP's initiating DoS). The "victim" should log all activity and be sure to notify proper authorities. Another measure is "reverse" IDS - snif your own outbound traffic to see if someone from your network is causing any suspicious traffic that can harm somebody else's network resources. Just my $.02 Miroslav --- Neo Ramone <[EMAIL PROTECTED]> wrote: > My team is working on developing an IDS to *help > with* denial of service attacks. ... > Regarding Denial of Service attacks - I > understand that, once they start > there isnt really anything much one can do except > sit through them. In such > a case is there any useful activity an IDS can > perform during/after such an > attack? __________________________________________________ Do You Yahoo!? Find the one for you at Yahoo! Personals http://personals.yahoo.com
