Differences
The differences between the two versions of the page are shown below.
racfor_wiki:mrezna_forenzika:ddos_napadi [2022/01/08 15:03] vmuzevic [DoS Mitigation] |
racfor_wiki:mrezna_forenzika:ddos_napadi [2024/12/05 12:24] (current) |
===== Tracing DoS attacks ===== | ===== Tracing DoS attacks ===== |
| |
DoS and especially DDoS attacks can be very difficult to trace especially if the attacker is experienced and knowledgable on the subject, however it is only human to make mistakes. In the case of DoS attacks the source is a single machine and in the case of a novice attacker, IP traceback methods could be used to find the source and the geolocation, however this is completely void in the case of experienced attackers that know how to spoof IP addresses. While DDoS is much more difficult to trace we can still use IP traceback to locate the bot's IP and location, and potentially identify the network providers of said bots. This is feasable with small botnets, but using this method on a botnet of ten thousand bots or more is hardly effective. However, with DDoS a much more reliable method is utilising forensics. DDoS attacks are commonly used to cover up a much more serious attack which are also much easier to trace. In the case of bot nets as a service, which can be found on offer on the dark web, it is possible trace a request to said service which started the attack or even follow a payment trail to find the buyer and/or seller of the service. | DoS and especially DDoS attacks can be very difficult to trace especially if the attacker is experienced and knowledgable on the subject, however it is only human to make mistakes. In the case of DoS attacks the source is a single machine and in the case of a novice attacker, IP traceback methods could be used to find the source and the geolocation, however this is completely void in the case of experienced attackers that know how to spoof IP addresses. While DDoS is much more difficult to trace we can still use IP traceback to locate the bot's IP and location, and potentially identify the network providers of said bots. This is feasable with small botnets, but using this method on a botnet of ten thousand bots or more is hardly effective. However, with DDoS a much more reliable method is utilising forensics. 
DDoS attacks are commonly used to cover up a much more serious attack which are also much easier to trace. In the case of bot nets as a service, which can be found on offer on the dark web, it is possible trace a request to said service which started the attack or even follow a payment trail to find the buyer and/or seller of the service.<sup>[1]</sup> |
| |
===== Conclusion ===== | ===== Conclusion ===== |
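Review bot: the `<sup>[1]</sup>` appended to the last sentence in the newer revision is a hand-numbered marker, and the visible lines show no reference entry that [1] resolves to. DokuWiki's footnote syntax, ((source text)), would keep the number and its target together, so the marker cannot go stale when other references are added or reordered. The citation also sits only on the botnet-as-a-service sentence, so the earlier claims about IP traceback and address spoofing remain unsourced. While this paragraph is being touched, the carried-over spellings "knowledgable" and "feasable" and the missing "to" in "it is possible trace" could be fixed in the same revision.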