WANTED: ISPs with DDoS defense solutions

Jack Bates jbates at brightok.net
Fri Aug 1 11:09:45 UTC 2003


McBurnett, Jim wrote:
> if *all* dsl and cablemodem plants firewalled inbound SYN packets and/or
> only permitted inbound UDP in direct response to prior valid outbound UDP,
> would rob really have seen a ~140Khost botnet this year?

In a sense, I would agree with you. The best method for what you 
describe is, of course, NAT. However, I can think of a lot of protocols 
that won't work with it properly. While a large portion of the userbase 
doesn't notice, vendors trying to put out products with these protocols 
do notice and their technologies are delayed as a result.

In addition, your logic will not stop bots installed via email. It 
doesn't have to be a worm. Enough end users will click the exe 
themselves despite the fact they have no clue what it is or who it's 
from. They are curious, so they open it. Each week, I have to explain to 
a user whose account I suspended that curiosity killed the cat. I Gigs 
of executables from email to help protect the majority of our user base, 
and yet they go to some webmail provider to get infected or just sit on 
irc or accept files across instant messenger. So much for network 
security. Now they have a bot sitting behind NAT with a source started 
irc uplink for commands. It's a good thing my network is multi-staged 
spoof protected both ways.

-Jack
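The policy quoted at the top of this reply (drop inbound SYNs to the subscriber plant, admit inbound UDP only as a reply to earlier outbound UDP) modelled as a small stateful edge filter, with the kind of case Jack raises where a legitimate protocol breaks. This is an added example, not code from the thread or from any ISP; the packet class, addresses, ports and the 30-second UDP flow timeout are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool       # True: Internet -> subscriber, False: subscriber -> Internet
    syn: bool = False   # TCP SYN flag
    ack: bool = False   # TCP ACK flag
    ts: float = 0.0     # seconds, constructed timestamps

class SubscriberEdgeFilter:
    """Inbound SYN block plus a 'UDP reply only' table keyed by the outbound 4-tuple."""
    def __init__(self, udp_timeout=30.0):
        self.udp_timeout = udp_timeout
        self.udp_flows = {}  # (sub_ip, sub_port, peer_ip, peer_port) -> last seen ts

    def decide(self, p):
        if not p.inbound:
            if p.proto == "udp":   # remember the flow so the peer's reply is admitted
                self.udp_flows[(p.src, p.sport, p.dst, p.dport)] = p.ts
            return "allow"         # outbound traffic is not restricted by this policy
        if p.proto == "tcp":
            # SYN without ACK is a new connection attempt toward the subscriber: drop.
            # SYN/ACK and data segments belong to subscriber-initiated connections.
            return "drop" if (p.syn and not p.ack) else "allow"
        if p.proto == "udp":
            key = (p.dst, p.dport, p.src, p.sport)   # reverse of the outbound tuple
            last = self.udp_flows.get(key)
            if last is not None and p.ts - last <= self.udp_timeout:
                self.udp_flows[key] = p.ts           # refresh the entry on each reply
                return "allow"
            return "drop"   # no matching outbound flow, or it has expired
        return "drop"

def run(packets):
    f = SubscriberEdgeFilter()
    return [f.decide(p) for p in packets]

SUB, PEER, PEER2 = "203.0.113.10", "198.51.100.5", "198.51.100.6"   # constructed
SAMPLE = [
    Packet("tcp", "192.0.2.1", 51000, SUB, 445, True, syn=True, ts=0),   # scan: drop
    Packet("udp", SUB, 40000, PEER, 3478, False, ts=1),                  # outbound: allow
    Packet("udp", PEER, 3478, SUB, 40000, True, ts=2),                   # reply: allow
    Packet("udp", PEER2, 3478, SUB, 40000, True, ts=3),   # second server of same service: drop
    Packet("udp", PEER, 3478, SUB, 40000, True, ts=40),   # reply after timeout: drop
    Packet("tcp", SUB, 42000, "192.0.2.1", 80, False, syn=True, ts=41),       # allow
    Packet("tcp", "192.0.2.1", 80, SUB, 42000, True, syn=True, ack=True, ts=42),  # allow
]
```

The fourth packet is the failure mode from the reply above: a protocol whose server hands the client off to a second host (or uses a different source port) never gets its inbound UDP through, exactly as it would not through a NAT.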
