John, What would be the point of spoofing the source IPs to be identical? You're just making the attack trivial to block. Plus you could never do any kind of TCP session attack, since you can't complete a handshake. I would have to call this sort of attack a LAAADDoS (Lame Attempt At A DDoS). :)
-mel beckman On Aug 2, 2015, at 10:11 PM, John Levine <jo...@iecc.com> wrote: >>> DDoS = multiple IPs >>> >>> DoS = single IP >> >> It seems most people colloquially use DDoS for both, and reserve DoS for >> magic-packet blocking exploits like the latest BIND CVE, FYI. > > Given how easy it still is to put a fake source address in an IP > packet, it seems optimistic to assume that just because the packets > all have the same return address, they're actually coming from the > same place. > > R's, > John
