What practice does not help incident responders protect the network against DoS/DDoS incidents?

Allowing overwriting of return addresses does not contribute to protecting the network against Denial of Service (DoS) or Distributed Denial of Service (DDoS) incidents. This practice is primarily related to vulnerabilities in software applications, specifically in the context of buffer overflow attacks. By allowing return addresses to be overwritten, systems may become more susceptible to exploitation, leading to unauthorized access or system compromise rather than enhancing the resilience against DoS/DDoS attacks.

In contrast, implementing network segmentation helps isolate critical components of the network, making it harder for attackers to reach target resources. Using traffic anomaly detection allows for the identification of unusual patterns that may indicate an impending DDoS attack, enabling quicker response times. Establishing incident response protocols ensures that there is a structured and efficient approach to managing incidents, which is crucial for minimizing the impact of potential disruptions caused by DoS or DDoS attacks. Each of these practices enhances the overall security posture against such incidents, unlike the allowance of return address overwriting.