I was wondering if there are any DDoS defences where a (any) router will block all packets (for any period of time) from the MAC address of its attacker. If so, under what circumstances would this occur?
- If you know the [MAC](http://en.wikipedia.org/wiki/MAC_address) address of the attacker then surely you can just amble(ish) over to their computer and pull the network cable? – user9517 Jun 02 '13 at 19:17
2 Answers
Blocking by IP address is not generally used as a DDoS defence, as typically the network is already being loaded by this point, so blocking or dropping packets here offers little value.
In reality, the closer to the attackers you can mitigate the DDoS the more protection you can give, which is why Prolexic, Akamai and similar can offer effective mitigation services.
Blocking by MAC address, as @Iain pointed out, would be even less useful, as if you know their MAC address then they should be on the same network as you :-)
Have a look at this question over on Security Stack Exchange, along with our other questions tagged DDoS.
- Thank you, but I need to know if this specific defence exists anywhere in the wild or if it's just a figment of my imagination. I haven't been able to find much on this specific topic. Thank you for your patience. – user176232 Jun 02 '13 at 20:30
- @user176232, you are missing the point. MAC addresses do not cross a router. So there is no way this could be useful. – Zoredache Jun 02 '13 at 21:20
MAC addresses do not cross routers. Each time a router accepts an IP packet, the lower layer is stripped (e.g. the Ethernet frame). MAC addresses only apply to your local network.
If you are being DDoSed on your local network, then log in to your switch and disable the ports, or walk over to the computers and shut them down.
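An added illustration of the point made in the answers above (not code from any of the posters): a small Python model of hop-by-hop forwarding, showing that the source MAC a server sees for routed traffic is its own edge router's, whatever the original sender was. The topology, MAC addresses and IP addresses are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # layer 3: carried end to end
    src_ip: str
    dst_ip: str
    ttl: int = 64

@dataclass(frozen=True)
class Frame:                       # layer 2: valid on a single link only
    src_mac: str
    dst_mac: str
    payload: Packet

def forward(frame, routers, dest_mac):
    """Pass a frame through routers given as (ingress_mac, egress_mac) pairs.
    Returns the frame as it appears on each link, first link first."""
    seen = [frame]
    for i, (in_mac, out_mac) in enumerate(routers):
        if frame.dst_mac != in_mac:
            raise ValueError("frame is not addressed to this router")
        pkt = frame.payload        # the Ethernet header is discarded here
        if pkt.ttl <= 1:
            raise ValueError("TTL expired in transit")
        pkt = Packet(pkt.src_ip, pkt.dst_ip, pkt.ttl - 1)
        next_mac = routers[i + 1][0] if i + 1 < len(routers) else dest_mac
        frame = Frame(out_mac, next_mac, pkt)   # new header for the next link
        seen.append(frame)
    return seen

def accepted(frames, blocked_macs):
    """Source IPs that get past a source-MAC blocklist at the receiver."""
    return [f.payload.src_ip for f in frames if f.src_mac not in blocked_macs]

# Constructed topology: two remote senders share the server's edge router.
SERVER_IP, SERVER_MAC = "192.0.2.10", "02:00:00:00:00:10"
EDGE = ("02:00:00:00:00:e1", "02:00:00:00:00:e2")
FLOOD = Frame("02:00:00:00:00:aa", "02:00:00:00:0a:01", Packet("198.51.100.7", SERVER_IP))
CLIENT = Frame("02:00:00:00:00:bb", "02:00:00:00:0b:01", Packet("203.0.113.9", SERVER_IP))

def arrivals():
    """Frames as the server receives them from both senders."""
    a = forward(FLOOD, [("02:00:00:00:0a:01", "02:00:00:00:0a:02"), EDGE], SERVER_MAC)
    b = forward(CLIENT, [("02:00:00:00:0b:01", "02:00:00:00:0b:02"), EDGE], SERVER_MAC)
    return [a[-1], b[-1]]

if __name__ == "__main__":
    for f in arrivals():
        print(f.src_mac, f.payload.src_ip, f.payload.ttl)
```

Both arriving frames carry the edge router's egress MAC, so a source-MAC blocklist at the server either matches nothing or drops every routed sender at once; only the IP header still distinguishes the two.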