[133286] in North American Network Operators' Group
Re: Over a decade of DDOS--any progress yet?
daemon@ATHENA.MIT.EDU (Arturo Servin)
Wed Dec 8 07:28:50 2010
From: Arturo Servin <arturo.servin@gmail.com>
Date: Wed, 8 Dec 2010 10:28:34 -0200
In-Reply-To: <mailman.1.1291809602.90958.nanog@nanog.org>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
One big problem (IMHO) of DDoS is that sources (the host of =
botnets) may be completely unaware that they are part of a DDoS. I do =
not mean the bot machine, I mean the ISP connecting those.
In the other hand the target of a DDoS cannot do anything to =
stop to attack besides adding more BW or contacting one by one the whole =
path of providers to try to minimize the effect.=20
I know that this has many security concerns, but would it be =
good a signalling protocol between ISPs to inform the sources of a DDoS =
attack in order to take semiautomatic actions to rate-limit the traffic =
as close as the source? Of course that this is more complex that these =
three or two lines, but I wonder if this has been considerer in the =
past.
Regards.
-as
On 8 Dec 2010, at 10:00, nanog-request@nanog.org wrote:
> Date: Wed, 8 Dec 2010 10:58:38 +0000
> From: bmanning@vacation.karoshi.com
> Subject: Re: Over a decade of DDOS--any progress yet?
> To: "Dobbins, Roland" <rdobbins@arbor.net>
> Cc: North American Operators' Group <nanog@nanog.org>
> Message-ID: <20101208105838.GD5841@vacation.karoshi.com.>
> Content-Type: text/plain; charset=3Dus-ascii
>=20
>=20
> actually, botnets are an artifact. claiming that the tool is the =
problem
> might be a bit short sighted. with the evolution of Internet =
technologies
> (IoT) i suspect botnet-like structures to become much more prevelent =
and=20
> useful for things other than coordinated attacks.
>=20
> just another PoV.
>=20
> --bill
>=20
> On Wed, Dec 08, 2010 at 04:46:13AM +0000, Dobbins, Roland wrote:
>>=20
>> On Dec 8, 2010, at 11:26 AM, Sean Donelan wrote:
>>=20
>>> Other than trying to hide your real address, what can be done to =
prevent DDOS in the first place.
>>=20
>>=20
>> DDoS is just a symptom. The problem is botnets. =20
>>=20
>> Preventing hosts from becoming bots in the first place and taking =
down existing botnets is the only way to actually *prevent* DDoS =
attacks. Note that prevention is distinct from *defending* oneself =
against DDoS attacks.
>>=20
>> =
-----------------------------------------------------------------------
>> Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
>>=20
>> Sell your computer and buy a guitar.
>>=20
>>=20
>>=20
>>=20
>>=20
>=20
