[133183] in North American Network Operators' Group
Re: Over a decade of DDOS--any progress yet?
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Mon Dec 6 04:21:48 2010
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: North American Network Operators Group <nanog@nanog.org>
Date: Mon, 6 Dec 2010 09:19:38 +0000
In-Reply-To: <alpine.GSO.2.00.1012060238030.19542@clifden.donelan.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 6, 2010, at 2:50 PM, Sean Donelan wrote:
> Other than buying lots of bandwidth and scrubber boxes, have any other DDOS attack vectors been stopped or rendered useless during the last decade?
These .pdf presos pretty much express my view of the situation, though I do need to rev the first one:
<https://files.me.com/roland.dobbins/y4ykq0>
<https://files.me.com/roland.dobbins/k54qkv>
<https://files.me.com/roland.dobbins/j0a4sk>
The bottom line is that there are BCPs that help, but which many folks don't seem to deploy, and then there's little or no thought at all given to maintaining availability when it comes to server/service/app architecture and operations, except by the major players who'd been through the wringer and invest the time and resources to increase their resilience to attack.
Of course, the fundamental flaws in the quarter-century old protocol stack we're running, with all the same problems plus new ones carried over into IPv6, are still there. Couple that with the brittleness, fragility, and insecurity of the DNS & BGP, and the fact that the miscreants have near-infinite resources at their disposal, and the picture isn't pretty.
And nowadays, the attackers are even more organized and highly motivated (OC, financial/ideological) and therefore more highly incentivized to innovate, the tools are easy enough for most anyone to make use of them, and the services/apps they attack are now of real importance to ordinary people.
So, while the state of the art in defense has improved, the state of the art and resources available to the attackers have also dramatically improved, and the overall level of indifference to the importance of maintaining availability is unchanged - so the overall situation itself is considerably worse, IMHO. The only saving grace is that the bad guys often make so much money via identity theft, click-fraud, spam, and corporate/arm's-length governmental espionage that they'd rather keep the networks/services/servers/apps/endpoints up and running so that they can continue to monetize them in other ways.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.