[123787] in North American Network Operators' Group
Re: OBESEUS - A new type of DDOS protector
daemon@ATHENA.MIT.EDU (Nathan Ward)
Tue Mar 16 00:02:18 2010
From: Nathan Ward <nanog@daork.net>
In-Reply-To: <BLU0-SMTP325A6BFB908C14D5D47527C82D0@phx.gbl>
Date: Tue, 16 Mar 2010 17:01:38 +1300
To: nanOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
If only there were other security experts on this list with a proven ability to make this thread even more absurd.
On 16/03/2010, at 4:47 PM, Guillaume FORTAINE wrote:
> Misters,
>
> Thank you for your reply.
>
> 1) First of all, I am absolutely not related to the Obeseus project. From my point of view, the interesting things were that :
>
> a) This project was unknown.
>
> http://www.google.com/search?q="obeseus"+"ddos"&btnG=Search&hl=en&esrch=FT1&sa=2
>
> b) This project comes from an ISP.
>
> http://www.loud-fat-bloke.co.uk/links.html
>
> c) Its code is Open Source.
>
> http://www.loud-fat-bloke.co.uk/tools/obeseusvB.tar.gz
>
> My conclusion is that I give far more credit to Obeseus than to Arbor Networks. By the way, I am surprised that this post didn't generate more interest given the uninteresting babble that I have been forced to read in the past on the NANOG mailing-list from the so-called "experts".
>
> 2) EDoS is a "DDoS 2.0"
>
> DDoS is about malicious traffic.
>
> EDoS is malicious traffic engineered to look like legitimate one.
>
> However, the goal is the same : "to obliterate the service infrastructure", to quote Mister Morrow.
>
> 3) I do my homework, something that doesn't seem to be the case for a lot of people on this mailing-list.
>
> a) I would want to highlight the post of Tom Sands, Chief Network Engineer, Rackspace Hosting entitled "DDoS mitigation recommendations" [1].
>
> -It seems evident that he tried the Arbor solution so the three "Arbor++" mails don't make sense.
>
> -About the fourth one :
>
> "Sorry but RTFM
>
> http://mailman.nanog.org/pipermail/nanog/2010-January/thread.html#16675
>
> Best regards"
>
> Hey kid, Tom Sands subscribed nearly a decade ago on the NANOG mailing-list. When you went out of school, he was already dealing with DoS concerns :
>
> http://www.mcabee.org/lists/nanog/Jan-02/msg00177.html
>
> b) I am really asking myself how much credit I could give to a spam expert, Suresh Ramasubramanian, about a DDoS related post [2].
>
> c) Mister Morrow, even if you are a Network Security engineer at Google [3] (morrowc@google.com) :
>
> -You didn't provide any useful feedback on Obeseus.
>
> -You totally missed the point on my other mails.
>
> This is definitely disappointing.
>
> Is this mailing-list a joke ?
>
> Especially, where is Roland Dobbins ?
>
> Best Regards,
>
> Guillaume FORTAINE
>
> [1] http://mailman.nanog.org/pipermail/nanog/2010-January/016675.html
> [2] http://www.hserus.net/
> [3] http://www.linkedin.com/in/morrowc
>
> On 03/16/2010 03:11 AM, Suresh Ramasubramanian wrote:
>> I got your point. What I was saying is that what he calls EDoS (and
>> I'm sure he'll say obliterating infrastructure is the ultimate form of
>> an economic dos) is just what goes on ...
>>
>> You may or may not be able to overload the AWS infrastructure by too
>> many queries but you sure as hell will blow the application out if
>> that ddos isn't filtered .. edos again.
>>
>> On Tue, Mar 16, 2010 at 7:35 AM, Christopher Morrow
>> <morrowc.lists@gmail.com> wrote:
>>>
>>> eh.. I guess I'm splitting hairs. the goal of 100k bots sending 1
>>> query per second to a service that you know can only sustain 50k
>>> queries/second is.. not to economically Dos someone, it's to
>>> obliterate their service infrastructure.
>>>
>>> Sure, you could ALSO target something hosted (for instance) at
>>> Amazon-AWS and increase costs by making lots and lots and lots of
>>> queries, but that wasn't the point of what Deepak wrote, nor what I
>>> corrected.