Undetectable DoS attack with an invalid IP [closed]

Closed. This question is off-topic. It is not currently accepting answers.

---

Want to improve this question? Update the question so it's on-topic for Stack Overflow.

Closed 11 years ago.

开发者_Go百科 Improve this question

in Security+ book, it has been told that DoS attack can be undetectable and an attacker can use an invalid IP address.

what did it mean by Invalid IP address? is it a zombie IP? how can we face with that?

---

It means spoofing. Spoofing means sending a packet with a source IP that doesn't belong to you.

It's simple, really. The attacker sends a constant stream of packets to the victim and populates ip.src with 127.0.0.1 or 74.125.39.105 or something like that. It does this to hide his identity. If he didn't, you could go to his ISP "Hey, this guy is DoS'ing me! Shut him down".

You must understand that when a packet leaves a host there are not magic rules that ensure it's correct. Most serious operating systems that support IP allow you to send whatever you want in an IP packet.

---

The attacker can send a packet to the target and spoof the sender IP address. This means he can use any IP address he wants. So the IP address is not really invalid, only there may not be a host connected to the IP address.