North American Network Operators Group

Re: DDoS attacks
On Thu, 12 Jul 2001 [email protected] wrote:

> On Thu, 12 Jul 2001, Brad wrote:
>
> > Here are my thoughts on DDoS:
> >
> > -The problem should not be addressed by going after the
> > originators of the attacks, rather a real-time targeting
> > system for those 'compromised' client computers with zombies
>
> I think this approach, while helpful, isn't going to solve anything. I
> seem to recall an RBL of sorts (Denninger?) for networks that had routers
> that allowed directed broadcasts, and thus smurf attacks. Cisco also
> (finally) put it in their default config.

Thanks for the post James.

Well, I think we are dealing with different issues which seem to change things a bit..

Putting in 'no ip directed-broadcast' in a Cisco interface is a one-time quick and easy fix for all of those problems. Therefore, calling the admin of a network who is allowing directed broadcasts, and even helping them to fix it for good, has been a good and easy task.

However, the problem here is not so easy to take care of on the provider(s) end. I tend to see this problem more like open-relay issues. An open-relay SMTP server is just as much a pain in the rear as a compromised windoze box (if not more) and we have several ways to combat open-relay issues currently through various testing and filtering systems.

> Problem solved? Well, smurf attacks are down, but DDoS attacks are way
> up. Why? Well, you can put a big part of the blame on M$, but my guess
> is that many of the same perpetrators of those smurf attacks are now
> operating these bots. I can't help but believe that if even 20% of them
> were caught and had to spend just a little time (even hours) with the
> cops, and had their peecees confiscated, you'd not be seeing nearly the
> problems we are now.

I would agree that if we actually caught and punished the attackers, the number of attacks would go down.. But there are a lot of issues with doing that.

You have to wait till the attacker actually takes down and causes $$ damages to your network/company prior to even being looked at by a court. In this industry, many companies may not survive long if such an attack took place, and would most likely not be able to front attorney fees to go after a 15-year-old who could questionably be tried and punished after the fact.

> Yes, going after vulnerabilities is good, but you'll never get them all.
> If you were to go after the source of the attacks, and just got enough to
> demonstrate that this is a much riskier activity than it is now, I think
> it would be much more effective.

I like your feedback. Maybe we can do both :)

> 7-11's aren't built like banks, but those cameras (and tenacious
> investigations) have drastically reduced holdups.

I don't know ;) They both have non-removable time-lock safes, security systems, cameras, magnetic-locking doors, panic-buttons, etc, etc... :)

> James Smallacombe  PlantageNet, Inc. CEO and Janitor
> [email protected]  http://3.am

---
Brad Baker
Director: Network Operations
American ISP
[email protected]
+1 303 984 5700 x12
http://www.americanisp.net/