North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WANTED: ISPs with DDoS defense solutions

On Wed, 30 Jul 2003, Christopher L. Morrow wrote:

> Sure, trace my attacks to the linux box at UW, I didn't spoof the flood
> and you can prove I did the attacking how? You can't because I and 7 other
> hackers all are fighting eachother over ownership of the poor UW student
> schlep's computer...

You're quite right.  This only means we'll be able to:

1) Stop the attack more quickly.

2) Alert the admins of the box that it's owned so that they can fix it and 
begin tracing how it happened.

> I'm all for raising the bar on attackers and having end networks implement
> proper source filtering, but even with that 1000 nt machines pinging 2
> packet per second is still enough to destroy a T1 customer, and likely
> with 1500 byte packets a T3 customer as well. You can't stop this without
> addressing the host security problem...

Agreed, we all (network providers, router vendors, software vendors and
end users) need to be working together to solve this problem.  There is no 
magic bullet.