lammert - 4:12 am on Jun 23, 2010 (gmt 0)

Some type of attacks can be done with spoofed addresses, but others can't. In general, every type of DOS attack which needs communication back from the attacked server to the attacker to succeed cannot be spoofed.

If you are on Linux, and have enough knowledge of system administration, you could activate the built-in iptables firewall and block those IP addresses yourself. If the IP addresses change often this may not be a good approach because you continuously have to add new addresses to the lists.

In that case you need a more intelligent solution, either in an external firewall, in the internal server firewall or with scripts which read log files for suspicious activity and block IPs dynamically. For that solution to succeed you need to know the type of attack vector used in the attack (SYN flood, large Ping packets, continuous request of one HTTP page etc) and tune the firewall or scripts for that specific attack type.