|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: WANTED: ISPs with DDoS defense solutions
> > 1) The OS/software/default settings for a lot of internet connected > > machines are weak, making it easy to attack from multiple locations. > > > IŽll start looking for this to happen when Microsoft manages to release > an OS version which does not contain remote exploitable flaw before > the boxes hit the store self. lots of late night pondering tonight. the anti-nat anti-firewall pure-end-to-end crowd has always argued in favour of "every host for itself" but in a world with a hundred million unmanaged but reprogrammable devices is that really practical? if *all* dsl and cablemodem plants firewalled inbound SYN packets and/or only permitted inbound UDP in direct response to prior valid outbound UDP, would rob really have seen a ~140Khost botnet this year? -- Paul Vixie
|