North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: WANTED: ISPs with DDoS defense solutions
On Wed, 30 Jul 2003, Mike Tancsa wrote: > I recall one of our users was involved in a DoS once a few years back > when the "giant pings" could crash MS boxes. The fact that his perceived > anonymity was removed was enough to keep him from repeating his > attacks.... That's the heart of the problem. Anyone who's owned enough boxes can sit there happily running a DDoS anonymously against a target because: 1) The OS/software/default settings for a lot of internet connected machines are weak, making it easy to attack from multiple locations. 2) A lot of networks have no customer or egress filtering and make it a lot more difficult to trace DDoS traffic because it generally uses faked source addresses. If these issues are addressed then it becomes a lot harder to remain anonymous and starting DDoS attacks against targets that can trace you becomes a lot less attractive. Cheers, Rich
|