Backscatter Analysis Technique
Flooding-style DoS attacks
- e.g. SYN flood, ICMP flood
Attackers spoof source address randomly
- True of all major attack tools
- i.e. not Smurf or reflector attacks
Victims, in turn, respond to attack packets
Unsolicited responses (backscatter) equally distributed across IP space
Received backscatter is evidence of an attacker elsewhere
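How a monitor of unused address space can apply the technique above, as an added example that is not part of the original slides: it picks victim replies out of unsolicited traffic, groups them by victim, and scales the observed rate up to the whole IPv4 space. The packet records, the /8 monitor size and the function names are constructed for illustration; the scaling assumes uniformly random spoofing and that every attack packet draws a reply, so it is a lower bound.

```python
from collections import Counter

IPV4_SPACE = 2 ** 32

# Replies a victim sends to the flood types named above:
# SYN flood -> SYN/ACK or RST; ICMP (echo) flood -> echo reply (type 0).
REPLY_TCP_FLAGS = {"SA", "R", "RA"}
REPLY_ICMP_TYPES = {0}

def is_backscatter(pkt):
    """True if the packet is a reply to something the monitor never sent."""
    if pkt["proto"] == "tcp":
        return pkt.get("flags") in REPLY_TCP_FLAGS
    if pkt["proto"] == "icmp":
        return pkt.get("icmp_type") in REPLY_ICMP_TYPES
    return False

def victims(packets):
    """Count backscatter per source address; the sender of a reply is the victim."""
    return Counter(p["src"] for p in packets if is_backscatter(p))

def estimated_attack_rate(observed_pps, monitored_addresses):
    """Backscatter is spread evenly over IP space, so a monitor holding n
    addresses sees n / 2^32 of it; invert that fraction to get the total."""
    return observed_pps * IPV4_SPACE / monitored_addresses

# Constructed sample: traffic arriving at unused addresses inside one monitored /8.
SAMPLE = (
    [{"proto": "tcp", "src": "192.0.2.10", "flags": "SA"}] * 3      # SYN flood victim
    + [{"proto": "tcp", "src": "192.0.2.10", "flags": "R"}]
    + [{"proto": "icmp", "src": "198.51.100.7", "icmp_type": 0}]    # ICMP flood victim
    + [{"proto": "tcp", "src": "203.0.113.5", "flags": "S"}]        # scan, not a reply
    + [{"proto": "icmp", "src": "203.0.113.9", "icmp_type": 8}]     # ping, not a reply
)

if __name__ == "__main__":
    for victim, count in victims(SAMPLE).most_common():
        print(f"{victim}: {count} backscatter packets")
    # 10 packets/s seen on a /8 (2^24 addresses) implies at least 2560 packets/s in total.
    print(estimated_attack_rate(10, 2 ** 24))
```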