Sunday, 3 February 2013

Comparing Usual Addresses

A third option is to perform automated ingress filtering by creating a
packet filter device which sits on the wire and stores a list of usual
source addresses. When it notices a large number of packets with
unusual source addresses, and all going to the same target address, it
can either reject these packets, or it can just notify the target address.
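
A minimal sketch of such a filter, added here as an illustration and not taken from the original post. The class name, the threshold of 50 unusual packets per 5-second window, and the constructed trace (documentation-range addresses) are all assumptions.

```python
from collections import Counter, defaultdict, deque

class UsualSourceFilter:
    """Tracks usual source addresses; acts when one target gets many unusual ones."""

    def __init__(self, threshold=50, window=5.0, reject=False):
        self.usual = set()                # sources learned from normal traffic
        self.threshold = threshold        # unusual packets per target per window
        self.window = window              # sliding window, seconds
        self.reject = reject              # True: drop, False: notify the target
        self.recent = defaultdict(deque)  # target -> timestamps of unusual packets

    def learn(self, src):
        self.usual.add(src)

    def observe(self, ts, src, dst):
        """Return 'pass', 'notify' or 'reject' for one packet."""
        if src in self.usual:
            return "pass"
        q = self.recent[dst]
        q.append(ts)
        while ts - q[0] > self.window:    # expire entries older than the window
            q.popleft()
        if len(q) < self.threshold:
            return "pass"                 # a few new sources are normal
        return "reject" if self.reject else "notify"

def run_constructed_trace(reject=False):
    """Constructed traffic (documentation address ranges), not captured data."""
    f = UsualSourceFilter(reject=reject)
    usual = [f"192.0.2.{i}" for i in range(1, 21)]
    for src in usual:
        f.learn(src)
    victim, other = "203.0.113.10", "203.0.113.20"
    out = [f.observe(0.1 * i, s, victim) for i, s in enumerate(usual)]
    # Five first-time visitors to another host: unusual, but far below threshold.
    out += [f.observe(3.0 + i, f"198.51.100.{i + 1}", other) for i in range(5)]
    # 200 packets in two seconds from unseen sources, all to the same target.
    out += [f.observe(10 + 0.01 * i, f"198.51.100.{i % 250 + 1}", victim)
            for i in range(200)]
    # A usual client is still passed while the flood is in progress.
    out.append(f.observe(12.0, "192.0.2.7", victim))
    return Counter(out)

if __name__ == "__main__":
    print(run_constructed_trace(reject=False))
    print(run_constructed_trace(reject=True))
```

Counting is kept per target address, so a handful of new visitors spread across different hosts never reaches the threshold, and the sliding window lets the filter return to normal once the burst ends.
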

Control Channel Filtering
By filtering out DDoS control messages, one may be able to intercept
the signals which would launch the attack. This can be achieved by
using a signature-based packet filter as mentioned before.

Active Response
If one has managed to detect (and decrypt) a control channel, one may
be able to use credentials sniffed from the control channel to take
control of the attack server and shut it down.

Network Security Assessment
DDoS attacks succeed because the attacker is able to subvert machines
and use them as attack servers. One should take proper care and carry
out a security assessment to ensure machines in one’s organization are
not remote-rootable.
It may also be possible, during an assessment, to locate attack servers
which have already been set up as a launching pad for a future attack.
