Most of the time, the common assumption in DoS attacks is that they are often caused by multiple sources using spoofed IP addresses. However, a study done by University of Michigan, Carnegie-Mellon University and AT&T shows results that contradict this assumption. The study claims that most DoS attacks are created by less than 50 sources and that IP spoofing is not often used in DoS attacks,as it was previously surmised. The study further shows that network traffic in most DoS attacks indicate that the source can be easily identified and blocked off. Moreover, the attacks always originate from the same point, implying that DoS problems encountered can be solved by just simply blocking the traffic coming from a known DoS attack source.
Take a closer look at the claims of this study here.
