North American Network Operators Group


Re: DDOS attacks lately?

  • From: Dan Foster
  • Date: Sun Aug 20 12:42:19 2000

Hot Diggety! Jason Slagle was rumored to have wrote:
> 
> That is completely NOT the case.  Once they cannot take over channels they
> just like to cause havoc.
> 
> We run a server on the Dalnet IRC Network and see SYN floods, Smurfs
> (Decreasing in frequency), fraggle, modified variants of pepsi and a
> number of other attacks.  Other servers have reported attacks up to 150mbs.
> 
> Only way to deal with it is with the FBI really.  You can't effectively

Doesn't really scale well. Will the FBI go after those of international
origin (non-US)? They have limited resources, as with any federal agency.

5 years ago, when a former employer called the FBI...they'd laugh if the
damage incurred wasn't at least USD $1 million. While they do have more funding
now for pursuing computer crime - they're still rather stretched, and what
does this mean for the smaller sites?

Simply that they're screwed with this current model and style of DDOS attacks.

Wish I knew what worked for DDOS attacks - conventional techniques don't
seem to work :( Calling in the FBI is a little like trying to clean up the
spilt milk -- doing it well after the damage has already been done. So you
bust the perp...someone sitting at a computer on a power trip that got carried
away. What then? How are you going to recover >$1M from a single individual
(or even a few)? There are *plenty* more waiting in the wings.

The numbers just aren't on the side of network operators, alas. Is it also
economically feasible to pursue and sue every single perp? No. Will all the
NOCs of ISPs along the path help trace in time to bust perps? No. Etc...

Difficult problem. More easily solved with better tools to detect along with
some inter-provider cooperation, for the short term. Along with things such
as ISPs filtering their egress traffic to avoid rogue spoofing - that has
been well known for some time now, but how many are *actually* doing it?

Good thing this isn't wartime, or I'm sure we'd see a dramatic upswing in
DOS attacks in general ;)

-Dan