DDoS attacks

Thu Jul 12 14:22:54 UTC 2001

On Thu, 12 Jul 2001, Brad wrote:

> Here are my thoughts on DDoS:
> -The problem should not be addressed by going after the
> originators of the attacks, rather a real-time targeting
> system for those 'compromised' client computers with zombies

I think this approach, while helpful, isn't going to solve anything.  I
seem to recall an RBL of sorts (Denninger?) for networks that had routers
that allowed directed broadcasts, and thus smurf attacks.  Cisco also
(finally) put it in their default config.

Problem solved?  Well, smurf attacks are down, but DDoS attacks are way
up.  Why?  Well, you can put a big part of the blame on M$, but my guess
is that many of the same perpetrators of those smurf attacks are now
operating these bots.  I can't help but believe that if even 20% of them
were caught and had to spend just a little time (even hours) with the
cops, and had their peecees confiscated, you'd not be seeing nearly the
problems we are now.

Yes, going after vulnerabilities is good, but you'll never get them all.
If you were to go after the source of the attacks, and just got enough to
demonstrate that this is a much riskier activity than it is now, I think
it would be much more effective.

7-11's aren't built like banks, but those cameras (and tenacious
investigations) have drastically reduced holdups.

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
