DNS issues various

Kelly J. Cooper kcooper at genuity.net
Thu Oct 24 18:01:44 UTC 2002




On Thu, 24 Oct 2002, Richard Forno wrote:
>
> I'd posit it's impossible to PREVENT a DDOS attack -- as such, as we did
> when they first manifested themselves in 1999, we need to develop response
> plans capable of meeting the onslaught and mitigating its impact so that
> things continue to function, even if they're degraded somewhat.

1999?!  Doesn't anybody remember the massive SYN attack against Panix in
1995?  Or that tfreak released smurf.c in July of 1997?  (And was it
fraggle or papasmurf that came the summer of the following year?
Whichever one it was, the other came out within six months after that.)

And those are just the ones I remember since I moved away from Rutgers and
started working in the BBN NOC - I'm sure there were others even before
that.  (Not counting accidental operational incidents like the AS 7007
routing chaos in 1997 or the AS 8584 identical issue a year later.)

1999 was just when Distributed DoS started getting a little airplay.  We'd
already had four fruitless years of dealing with DoS attacks by the time
that happened.

What would be wonderful is a radical change in the way we think about DoS
attacks.  It would be fabulous for someone (or a group of someones) to
come up with a completely different way to approach the problem.  I wish
that I could be the person who does that, who sparks that change, but in
the seven years I've been thinking about it, nothing's come to mind.

So, seven years of hardening hosts against SYN attacks.  Five years of
trying to get people to turn off the forwarding of broadcast packets.
Three years of botnets generating meg upon meg of crap-bandwidth.

Where are the suuuuuper-geniuses?

Kelly J.
--
Kelly J. Cooper        -  Security Engineer, CISSP
GENUITY                -  Main # - 800-632-7638
Woburn, MA 01801       -  http://www.genuity.net



