[33136] in North American Network Operators' Group
Re: NPIC Warning
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sat Dec 30 19:59:30 2000
Date: 30 Dec 2000 16:57:35 -0800
Message-ID: <20001231005735.12728.cpmta@c004.sfo.cp.net>
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: nanog@merit.edu
From: Sean Donelan <sean@donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 30 December 2000, Marshall Eubanks wrote:
> List members might be interested in this zombie warning :
>
> http://www.nipc.gov/warnings/advisories/2000/00-063.htm
>
> as reported in
> http://www.wired.com/news/technology/0,1282,40905,00.html?tw=wn20001230
>
> Real threat, or someone seeking funding ?

I like the holiday warnings because they often let me know about
holidays I never knew existed. They sometimes read a bit like
this day in revolutionary history. The problem is every day of
the year is important to some group.

However, a holiday DDOS attack is a bit of an oxymoron. If a tree
falls in a forest.... If no one is using the service over the holiday
weekend, is anyone denied? The "Pearl Harbor" Sunday morning attack
isn't the best model for DDOS.

Rapid distribution of e-mail viruses implies lots of people reading
e-mail. Fewer people read e-mail over the holiday weekend, suggesting a
slower spread of viruses. E-mail viruses spread the fastest during
the workday.

DDOS attacks are most devastating when network traffic is already
near its peak. A truck jackknifed in the middle of rush hour affects
a lot more people than an accident on Sunday morning. DDOS isn't as
effective when there is lots of spare capacity.

Collecting zombie computers is mostly a matter of numbers. Since many
of the probes are automated, they occur 24 hours a day, 7 days a week without
regard to holidays or weekends.

Of course, that presumes there is some logic or reason for the attack.