-1

I was wondering if there are any DDoS defences where a (any) router will block all packets (for any period of time) from the MAC address of its attacker. If so, under what circumstances would this occur?

2 Answers

1

Blocking by IP address is not generally used as a DDoS defence, as typically the network is already being loaded by this point, so blocking or dropping packets here offers little value.

In reality, the closer to the attackers you can mitigate the DDoS, the more protection you can give, which is why Prolexic, Akamai and similar can offer effective mitigation services.

Blocking by MAC address, as @Iain pointed out, would be even less useful, as if you know their MAC address, then they should be on the same network as you :-)

Have a look at this question over on Security Stack Exchange, along with our other questions tagged DDoS.

Rory Alsop
  • 1,204
1

MAC addresses do not cross routers. Each time a router accepts an IP packet, the lower layer is stripped (e.g. the Ethernet frame). MAC addresses only apply to your local network.

If you are being DDoSed on your local network, then log in to your switch and disable the ports, or walk over to the computers and shut them down.

Zoredache
  • 133,737
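
The point made in the answers above, that a router discards the Ethernet header and re-frames the IP packet, shown as an added example that is not part of either answer. All MAC and IP addresses are constructed (locally administered MACs, documentation IP ranges), and the single router hop is a simplification.

```python
import struct

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ipv4_checksum(header):
    # One's-complement sum of the header's 16-bit words.
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl):
    # Ethernet II header followed by a minimal 20-byte IPv4 header (no payload).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 17, 0,
                      bytes(src_ip), bytes(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + b"\x08\x00" + hdr

def route(frame, egress_mac, next_hop_mac):
    # The router keeps only the IP packet; the sender's Ethernet header is dropped.
    packet = bytearray(frame[14:])
    packet[8] -= 1                      # decrement TTL
    packet[10:12] = b"\x00\x00"         # zero the checksum before recomputing
    packet[10:12] = struct.pack("!H", ipv4_checksum(bytes(packet[:20])))
    # New frame: source MAC is the router's egress interface, not the sender.
    return next_hop_mac + egress_mac + b"\x08\x00" + bytes(packet)

def parse_frame(frame):
    ip = frame[14:]
    return {"src_mac": frame[6:12].hex(":"),
            "src_ip": ".".join(map(str, ip[12:16])),
            "ttl": ip[8],
            "checksum_ok": ipv4_checksum(ip[:20]) == 0}

# Constructed addresses for the demonstration.
ROUTER_LAN = mac("02:00:00:00:00:01")
ROUTER_WAN = mac("02:00:00:00:00:02")
VICTIM_MAC = mac("02:00:00:00:00:99")
VICTIM_IP = (198, 51, 100, 10)

def seen_by_victim(sender_mac, sender_ip):
    # Sender -> router LAN interface -> router WAN interface -> victim.
    frame = build_frame(ROUTER_LAN, mac(sender_mac), sender_ip, VICTIM_IP, ttl=64)
    return parse_frame(route(frame, ROUTER_WAN, VICTIM_MAC))

if __name__ == "__main__":
    print(seen_by_victim("02:aa:aa:aa:aa:aa", (192, 0, 2, 5)))
    print(seen_by_victim("02:bb:bb:bb:bb:bb", (192, 0, 2, 6)))
```

Both senders reach the victim with the router's egress MAC as the frame source, so a MAC filter at the victim can only match the adjacent router, while the source IP still distinguishes the two hosts.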