
RE: Cyber warfare tactics
hoagsie Updated - 11th May 2010
In the first scenario you block traffic from entering your network once you identify the offensive machines. This can be done by a straight block or installing an intermediary router to become the new recipient of offending traffic. Then, you hack into the offensive machines from another network to get traffic logs to track down the real offenders. This is target validation. Then, you can respond against the correct target. Or, you can do the same and rent a botnet in another country to DDoS those who tried to DDoS you.

The second scenario isn't really too different from the first. Once you positively identify which computers are being trouble within your network, you tell the router(s) closest to that device to block the device on both an IP tag or MAC address tag and flag internal routers to block blacklisted MAC addresses. Sure, you can spoof your MAC address, but it's a way to respond without generating more traffic within your network.

There are no rules in place on the internet that say machine A MUST be allowed to connect to machine B, ESPECIALLY in a cyberwarfare scenario.