DDOS anecdotes

Deepak Jain deepak at ai.net
Sat Jun 23 18:49:34 UTC 2001



I admit I only made it through half of this guy's page. And barring some of
the reactionary speech, I was able to pull some technical content.


My question, is this news to anyone?

The capabilities of machines will continue to improve, the capabilities of
networks will continue to improve [Moore's Law]. (Per my own rule of
internet problem solving..) IFF the problem becomes a crisis, massive action
will take place (similar to the spam problems in '97) to bring the abuse  to
a manageable level. This might be egress filtering at aggregation routers. I
know most large networks use automated configuration management for their
gear, and setting ingress filters from their PPPoE, PPPoA, and dial-up pools
that only accept addresses from the likely pool of DHCP addresses wouldn't
be too hard and probably a huge first step.

I think most attacks (currently) are manageable either in their frequency or
their ability to be filtered. IRC servers are an exception, and why many
providers will not waste resources hosting small IRC servers.

If the problem becomes severe, end-user address filtering will be the
biggest single difference. One can draw examples from dialup providers (like
MSN) filtering all attempts to connect to port 25 outbound from their dialup
pool(s). And the corresponding drop in abuse, not just from them, but as a
percentage of the whole.

Spamming/attacking will then be left to the world of corporate internet
connections and university dorms the way god intended. :)

Deepak Jain


-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
Sean M. Doran
Sent: Saturday, June 23, 2001 11:31 AM
To: nanog at merit.edu
Subject: DDOS anecdotes




Some of you may find http://grc.com/dos/grcdos.htm
very interesting.

	Sean.




More information about the NANOG mailing list