Over a decade of DDOS--any progress yet?

Blake Dunlap ikiris at gmail.com
Mon Dec 6 08:05:04 UTC 2010

On Mon, Dec 6, 2010 at 01:50, Sean Donelan <sean at donelan.com> wrote:

> February 2000 weren't the first DDOS attacks, but the attacks on multiple
> well-known sites did raise DDOS' visibility.
> What progress has been made during the last decade at stopping DDOS
> attacks?
> SMURF attacks creating a DDOS from directed broadcast replies seems to have
> been mostly mitigated by changing defaults in major router OS's.
> TCP SYN attacks creating a DDOS from leaving many half-open connections
> seems to have been mostly mitigated with SYN Cookies or similar OS changes.
> Other than buying lots of bandwidth and scrubber boxes, have any other DDOS
> attack vectors been stopped or rendered useless during the last decade?
> Spoofing?
> Bots?
> Protocol quirks?
If anything, the potential is worse now than it ever has been unless you
have just ridiculous amounts of bandwidth, as the ratios between leaf user
connectivity and data center drops have continued to close. The finger of
packety death may be rare, but it is more powerful than ever, just ask
Wikileaks, I believe that they were subject to 10Gbit+ at times.

At least the frequency has dropped in recent years, if not the amplitude,
and I am thankful for that, due to in no small part to what you list above,
as it mostly requires compromised bots to preform major attacks now, instead
of having many available unwitting non-compromised assists spread across the
internet like previously.

More information about the NANOG mailing list