WANTED: ISPs with DDoS defense solutions
Rob Thomas
robt at cymru.com
Thu Jul 31 00:40:01 UTC 2003

Hi, NANOGers.

Ooooo, you just knew I'd have to chime in eventually. :)

] 1) The OS/software/default settings for a lot of internet connected
] machines are weak, making it easy to attack from multiple locations.

Yep, quite true. Vulnerable hosts are a commodity, not a scarce
resource. There are 728958 entries in my hacked device database
since 01 JAN 2003 that attest to this fact.

] 2) A lot of networks have no customer or egress filtering and make it a
] lot more difficult to trace DDoS traffic because it generally uses faked
] source addresses.

I've tracked 1787 DDoS attacks since 01 JAN 2003. Of that number,
only 32 used spoofed sources. I rarely see spoofed attacks now.
When a miscreant has 140415 bots (the largest botnet I've seen
this year), spoofing the source really isn't a requirement. :|

Filtering the bogons does help, and everyone should perform
anti-spoofing in the appropriate places. It isn't, however, a
silver bullet.

Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);