North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: WANTED: ISPs with DDoS defense solutions
On Wed, 30 Jul 2003 [email protected] wrote: > > On Wed, 30 Jul 2003, Mike Tancsa wrote: > > > I recall one of our users was involved in a DoS once a few years back > > when the "giant pings" could crash MS boxes. The fact that his perceived > > anonymity was removed was enough to keep him from repeating his > > attacks.... > > If these issues are addressed then it becomes a lot harder to remain > anonymous and starting DDoS attacks against targets that can trace you > becomes a lot less attractive. > Sure, trace my attacks to the linux box at UW, I didn't spoof the flood and you can prove I did the attacking how? You can't because I and 7 other hackers all are fighting eachother over ownership of the poor UW student schlep's computer... The problem isn't the network, nor the filtering/lack-of-filtering, its a basic end host security problem. Until that is resolved, the ability of attackers to own boxes in remote locations and use them for malfeasance will continue to haunt us. I would guess that the other owners of the machines attacking Mike (assuming they got the emails he sent... big assumption) probably said: "Great another person getting attacked from that joker's win2k machine, hurray:(" and moved on about thier business. They know that they can't get the end user to secure their machine and they know that if the get him/her to reload the OS or 'clean' it of the 'virus' the problem will arise anew within 17 minutes :( I'm all for raising the bar on attackers and having end networks implement proper source filtering, but even with that 1000 nt machines pinging 2 packet per second is still enough to destroy a T1 customer, and likely with 1500 byte packets a T3 customer as well. You can't stop this without addressing the host security problem... > Cheers, > > Rich >
|