Effective ways to deal with DDoS attacks?
Vadim Antonov
avg at exigengroup.com
Thu May 2 08:50:08 UTC 2002
On Thu, 2 May 2002, Christopher L. Morrow wrote:
> 1) I hack connected ISP X
> 2) I inject www.ebay.com /32 blackhole route
> 3) no more ebay
>
> I use ebay as an example of course, I wouldn't want them harmed cause how
> would I be able to buy all that nice routing gear at bargain basement
> prices without them? :)
Replace steps 2 and 3 with:
2) I route all packets going to Ebay to my box
3) I have my box connect to real Ebay using passwords of folks connecting
to my man-in-the-middle box (how many of them have a clue to carefully
look at the "SSL in use" icon anyway?)
4) I have the merchandise they bought shipped to me; and steal their CC
numbers in the process.
There are endless variations on the theme. Access to the routing
infrastructure _MUST_ be tightly controlled.
Intercepting traffic to root NSes is even more fun :) And, Satan bless
the folks who want to let Unicode into DNS names, having many visually
indistinguishable "ebay.com"s is a breeze, so one can get valid X.509
certificates for those undistinguishable "ebays", too.
--vadim
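
An added example, not part of the original message: a Python sketch of RFC 6811-style route origin validation, the kind of check that rejects an injected /32 for a prefix someone else holds. The ROA table, the prefixes (documentation ranges) and the AS numbers are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Roa(NamedTuple):
    prefix: object      # ipaddress network the holder authorised
    max_length: int     # longest prefix length the holder allows
    origin_as: int      # AS allowed to originate it

def roa(prefix, max_length, origin_as):
    return Roa(ipaddress.ip_network(prefix), max_length, origin_as)

# Constructed ROA table (documentation prefixes and AS numbers).
ROAS = [
    roa("192.0.2.0/24", 24, 64496),      # no more-specifics allowed
    roa("198.51.100.0/24", 25, 64497),   # /25s allowed from AS 64497
]

def validate(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "not-found"               # nobody has made a statement
    for r in covering:
        if r.origin_as == origin_as and net.prefixlen <= r.max_length:
            return "valid"
    # Covered by a ROA, but wrong origin or too specific: drop it.
    return "invalid"

def rejected(announcements, roas=ROAS):
    """Announcements an import filter should refuse."""
    return [a for a in announcements if validate(*a, roas) == "invalid"]

# Constructed announcements as (prefix, origin AS).
SAMPLE = [
    ("192.0.2.0/24", 64496),        # legitimate origin
    ("192.0.2.10/32", 64511),       # injected host route, foreign origin
    ("192.0.2.10/32", 64496),       # forged origin, still too specific
    ("198.51.100.128/25", 64497),   # permitted more-specific
    ("203.0.113.0/24", 64500),      # no covering ROA
]

if __name__ == "__main__":
    for ann in SAMPLE:
        print(ann, validate(*ann))
```

The third sample shows why the maximum length matters: spoofing the correct origin AS does not help an injected more-specific route pass the check.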