OBESEUS - A new type of DDOS protector
gfortaine at live.com
Mon Mar 15 22:47:57 CDT 2010
Thank you for your reply.
1) First of all, I am absolutely not related to the Obeseus project.
From my point of view, the interesting things were that :
a) This project was unknown.
b) This project comes from an ISP.
c) Its code is Open Source.
My conclusion is that I give far more credit to Obeseus than to Arbor
Networks. By the way, I am surprised that this post didn't generate more
interest given the uninteresting babble that I have been forced to read
in the past on the NANOG mailing-list from the so-called "experts".
2) EDoS is a "DDoS 2.0"
DDoS is about malicious traffic.
EDoS is malicious traffic engineered to look like legitimate one.
However, the goal is the same : "to obliterate the service
infrastructure", to quote Mister Morrow.
3) I do my homeworks something that doesn't seem to be the case for a
lot of people on this mailing-list.
a) I would want to highlight the post of Tom Sands, Chief Network
Engineer, Rackspace Hosting entitled "DDoS mitigation recommendations" .
-It seems evidence that he tried the Arbor solution so the three
"Arbor++" mails don't make sense.
-About the fourth one :
"Sorry but RTFM
Hey kid, Tom Sands subscribed nearly a decade ago on the NANOG
mailing-list. When you went out of school, he was already dealing with
DoS concerns :
b) I am really asking myself how much credit I could give to a spam
expert, Suresh Ramasubramanian, about a DDoS related post .
c) Mister Morrow, even if you are a Network Security engineer at Google
 (morrowc at google.com) :
-You didn't provide any useful feedback on Obeseus.
-You totally missed the point on my other mails.
This is definitely disappointing.
Is this mailing-list a joke ?
Especially, where is Roland Dobbins ?
On 03/16/2010 03:11 AM, Suresh Ramasubramanian wrote:
> I got your point. What I was saying is that what he calls EDoS (and
> I'm sure he'll say obliterating infrastructure is the ultimate form of
> an economic dos) is just what goes on ...
> You may or may not be able to overload the AWS infrastructure by too
> many queries but you sure as hell will blow the application out if
> that ddos isnt filtered .. edos again.
> On Tue, Mar 16, 2010 at 7:35 AM, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
>> eh.. I guess I'm splitting hairs. the goal of 100k bots sending 1
>> query per second to a service that you know can only sustain 50k
>> queries/second is.. not to economically Dos someone, it's to
>> obliterate their service infrastructure.
>> Sure, you could ALSO target something hosted (for instance) at
>> Amazon-AWS and increase costs by making lots and lots and lots of
>> queries, but that wasn't the point of what Deepak wrote, nor what i
More information about the NANOG