North American Network Operators Group

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

  • From: Avleen Vig
  • Date: Sun Mar 07 17:07:24 2004

On Sun, Mar 07, 2004 at 08:28:53PM +0000, Christopher L. Morrow wrote:
> > Without any data to back this up, I'm estimating based on the attacks
> > I've dealt with.
> > I don't believe the number has gone down at all. If it has, it's done
> > that for someone else, not me,
> 
> Is this attacks on 'known magnets' or 'random stuff'? From what I've seen
> the frequency of attacks on 'all customers' seems to be slowing SOME.
> There are the normal nuisance points which attract attacks for whichever
> reason. So, Avleen, can you separate the 'known magnets' from 'random
> stuff' and say which direction the trend is moving?

If we class "popular websites", "servers / networks at major ISPs", "IRC
servers" and "the latest popular thing" as magnets, and "small business
sites", "personal pages" etc as the random stuff, then I don't believe
attacks on magnets have gone down at all.
On the random stuff I cannot comment, as I've had surprisingly little
dealing with that.

> As to the 'strength' of attacks. It seems that bandwidth and pps rates
> have increased over time. This COULD BE because you can own up 10,000 xp
> machines in a heartbeat, or it could be a reflection of
> bigger/better/faster single hosts being taken over. It's hard to tell from
> my end of the party :(

I don't think it would be unfair to assume it is both. Again that stands
to simple logic. More hosts on the internet = more potential drones.
More available global bandwidth = larger volume output from each drone.

> > I don't have any evidence. Nor do I *believe* the number of attacks is
> > decreasing. If anything, it's staying the same or going up, as more
> > people decide it's fun to take networks offline through the greater and
> > greater number of compromised hosts.
> 
> The greater number of compromisable hosts seems to be the constant in this
> argument. So, like we've said for several years, until the end station is
> secured 'better' the consistency and strength of attacks will continue
> that upward trend.

Indeed. I believe the ISP of the end user is the party responsible here.
If the ISP is allowing access through their network, they need to be
responsible for the data leaving their network which originates in their
network.