Is there a line of defense against Distributed Reflective attacks?

E.B. Dreger eddy+public+spam at noc.everquick.net
Sun Jan 19 04:27:17 UTC 2003


SD> Date: Sat, 18 Jan 2003 21:22:14 -0500 (EST)
SD> From: Sean Donelan


SD> 1) Make end-user systems less vulnerable to being compromised

With consumers, "cheap and easy" usually wins.  More often than
not, I hear "I don't care if someone breaks into my computer or
my email, because I don't have anything private".  One of our
customers knowingly had the ILOVEYOU virus for I can't remember
how many months.  (Gotta love the rejected mail logs on _that_
one.)

With essentially one desktop OS, there's not a huge amount of
pressure to make a better product.  How many known bugs were in
the fraction of Windows source code involved in the antitrust
case?  My memory fades, but it seems code quality in the most
popular OS is not the highest priority.


SD> 2) Track and stop DDOS quickly when it does happen

Is it TCP/80 DDoS, or did you just get slashdotted?  (I suppose
that goes along with #3, below.)


SD> 3) Find and convict the true attacker

IOW, find the "magic packet" someone used to bring 10,000 zombies
to life.

Question:  Just how often do people need end-to-end IP traffic?
I'm not suggesting blocking it; that would be bad.  But look at
AOL's proxied Web and email service... most people are none the
wiser.  Perhaps end-to-end traffic should be blocked at the edge
until <???>.

And, oh yeah, "shut off the malicious and clueless" has worked
just great for stopping spam, hasn't it?  As Chris Morrow and
others so often and aptly mention -- technical problem or social
malady?


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist at brics.com>, or you are likely to
be blocked.



