Whether ISPs provide path of Spoofed SYN Flood attack is the only way to trace the attack source?

Asked Mar 25 '20 at 15:30

Active Mar 25 '20 at 15:53

Viewed 119 times

The attacker spoofs SYN packets to attack a server.

Spoofed Attack: A malicious user can also spoof the IP address on each SYN packet they send in order to inhibit mitigation efforts and make their identity more difficult to discover. While the packets may be spoofed, those packets can potentially be traced back to their source. It’s difficult to do this sort of detective work but it’s not impossible, especially if Internet service providers (ISPs) are willing to help.

I only can think that all the ISPs in cooperation can provide the packet's path. Are ISPs providing the path of spoofed IPs the only way to trace the attack source?

edited Mar 25 '20 at 15:53

schroeder

123,438
55
284
319

asked Mar 25 '20 at 15:30

244boy

If you cannot trust the data in the packets, then, yes, you would need the records from the path itself to trace the source. – schroeder Mar 25 '20 at 15:54
there is no other way to find the real source IP right? – 244boy Mar 25 '20 at 16:43
If it is spoofed, then no. One can only trace the path, router by router. – schroeder Mar 25 '20 at 16:52

Whether ISPs provide path of Spoofed SYN Flood attack is the only way to trace the attack source?

0 Answers0