Mitigating Denial-of-Service Attacks
DoS attacks are difficult to stop. Companies with a high-profile Internet
presence should plan in advance their responses to potential DoS attacks.
Historically, many DoS attacks were sourced from spoofed source addresses.
These types of attacks can be thwarted through use of antispoofing access
lists on border routers and firewalls. Today, however, many DoS attacks are
carried out by distributed networks of real hosts that have been compromised
for the purpose of building attack networks. Mitigating a large DoS or DDoS
attack typically requires careful diagnostics, planning, and cooperation from
Internet service providers (ISP).