Counter DoS

Pendergrass, Greg Greg.Pendergrass at vodafone.com
Thu Mar 11 09:59:22 UTC 2004


I can see now that it's only a matter of time before some nut writes "The
Art of War in the Internet". I read the whitepaper, it goes on a lot about
how defensive policies are ineffective but doesn't really say why active
response has never been tried:

A. Most of the time dDOS traffic is from spoofed sources anyway so whichever
machine you "return fire" on is probably not the  one that attacked you. 

B. NAT translation means a hacker has a tailor-made defense against any
active repsonse. 

C. Even if you can directly attack a machine being used against you it's
almost certainly not the perpetrator's box, he/she is sitting half a world
away. The box you intentionally destroy is likely some innocent family PC
that was taken over using some unplugged windows security hole. 

D. Widely deployed active defense will give an attacker a new form of dDOS
attack, spoof the source of the one you want to hit in attacking several
"active defense" systems and watch them attack your target for you.

Their proposition is a terrible idea and their "rules of engagement" would
be funny instead of frightening if it wasn't serious

GP


-----Original Message-----
From: Joshua Brady [mailto:jbrady at neoins.com]
Sent: 11 March 2004 01:27
To: isp-chat at isp-chat.com
Cc: nanog at merit.edu
Subject: Counter DoS



http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm 

Comments?



Vodafone Global Content Services Limited 
Registered Office:  Vodafone House, The Connection, Newbury, Berkshire  RG14 2FN

Registered in England No. 4064873 

This e-mail is for the addressee(s) only.  If you are not an addressee, you
must not distribute, disclose, copy, use or rely on this e-mail or its
contents, and you must immediately notify the sender and delete this e-mail
and all copies from your system.  Any unauthorised use may be unlawful.  The
information contained in this e-mail is confidential and may also be legally
privileged.




More information about the NANOG mailing list