[133287] in North American Network Operators' Group


Re: Over a decade of DDOS--any progress yet?

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Wed Dec 8 07:54:32 2010

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: North American Operators' Group <nanog@nanog.org>
Date: Wed, 8 Dec 2010 12:53:51 +0000
In-Reply-To: <01811070-0EE1-44C2-A79A-FB9E68215D9A@gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Dec 8, 2010, at 7:28 PM, Arturo Servin wrote:

> One big problem (IMHO) of DDoS is that sources (the host of botnets) may be completely unaware that they are part of a DDoS. I do not mean the bot machine, I mean the ISP connecting those.

The technology exists to detect and classify this attack traffic, and is deployed in production networks today.

And of course, the legitimate owners of the botted hosts are generally unaware that their machine is being used for nefarious purposes.

> On the other hand, the target of a DDoS cannot do anything to stop the attack besides adding more BW or contacting one by one the whole path of providers to try to minimize the effect.

Actually, there're lots of things they can do.

> I know that this has many security concerns, but would it be good to have a signalling protocol between ISPs to inform the sources of a DDoS attack in order to take semiautomatic actions to rate-limit the traffic as close to the source as possible? Of course this is more complex than these two or three lines, but I wonder if this has been considered in the past.

It already exists.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

 	       Sell your computer and buy a guitar.