WANTED: ISPs with DDoS defense solutions

Mike Tancsa mike at sentex.net
Wed Jul 30 19:53:30 UTC 2003


At 03:19 PM 30/07/2003 -0400, Jared Mauch wrote:
>On Wed, Jul 30, 2003 at 02:43:16PM -0400, Mike Tancsa wrote:
> >
> > At 10:58 AM 30/07/2003 -0400, Jared Mauch wrote:
> >
> > >        If someone abuses the PSTN, or other networks they eventually
> > >will get their service terminated.  If people abuse their access by
> > >launching DoS attacks, we need to catch them and get their access
> >
> > Gee, wouldn't that be nice.  Having personally dealt with one that had ~500
> > hosts involved on several dozen networks, I can confirm that of all the
> > repeated pleas for help to said networks to track down the controlling
> > party, I had a grand total of ONE (yes, 1 as in one above zero) who
> > actually responded with a response beyond the auto-responders.... And that
> > was to let me know that the user in question had already formatted their
> > hard drive before the admin could see what was on the machine and who might
> > have been controlling the machine.
> >
> > It took several _weeks_ for all the attacking hosts to be killed off with
> > several reminder messages to various networks.  So I don't hold much
> > optimism for actually tracking down the actual attacker.
>
>         While I can have sympathy for this situation, you removed my
>argument about the "DoS and forget".


I understand the point you are making, but I am speaking just to the side 
comment you made, "we need to catch them and get their access."  I totally 
agree with you.  But based on my recent experiences with organizational 
responses, it seems NO ONE agrees with it in practice.

It seems all the discussion around DDoSes centers on ways of coping with
DDoSes, or mitigating the effects and not making 'the solutions worse than
the problem.'  However, there does not seem to be enough discussion and
effort into catching and prosecuting the people doing it.  I would be at
least happy with the "catching part."  I recall one of our users was 
involved in a DoS once a few years back when the "giant pings" could crash 
MS boxes. The fact that his perceived anonymity was removed was enough to 
keep him from repeating his attacks....

         ---Mike 



