[47306] in North American Network Operators' Group


Re: Effective ways to deal with DDoS attacks?

daemon@ATHENA.MIT.EDU (Vadim Antonov)
Thu May 2 04:52:01 2002

Date: Thu, 2 May 2002 01:50:08 -0700 (PDT)
From: Vadim Antonov <avg@exigengroup.com>
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.33.0205020433440.11583-100000@rampart.argfrp.us.uu.net>
Message-ID: <Pine.LNX.4.33.0205020127100.7519-100000@arch.exigengroup.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu

On Thu, 2 May 2002, Christopher L. Morrow wrote:

> 1) I hack connected ISP X
> 2) I inject www.ebay.com /32 blackhole route
> 3) no more ebay
> 
> I use ebay as an example of course, I wouldn't want them harmed cause how
> would I be able to buy all that nice routing gear at bargain basement
> prices without them? :)

Replace steps 2 and 3 with:

2) I route all packets going to Ebay to my box
3) I have my box connect to the real Ebay using the passwords of folks 
   connecting to my man-in-the-middle box (how many of them have a clue to 
   carefully look for the "SSL in use" icon anyway?)
4) I have the merchandise they bought shipped to me, and steal their CC 
   numbers in the process.

There are endless variations on the theme.  Access to the routing 
infrastructure _MUST_ be tightly controlled.

Intercepting traffic to root NSes is even more fun :)  And, Satan bless
the folks who want to let Unicode into DNS names, having many visually
indistinguishable "ebay.com"s is a breeze, so one can get valid X.509
certificates for those indistinguishable "ebays", too.

--vadim
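The "visually indistinguishable ebay.com" point above is the homograph problem. As an added example (not part of Vadim's post or of any NANOG tooling), here is a small check a defender can run over hostnames pulled from DNS query logs or certificate transparency feeds: it flags labels that mix Unicode scripts, labels containing letters that render like Latin ones, and names whose look-alike "skeleton" collapses onto a watched domain. The confusables table is a hand-picked, constructed subset; the authoritative list is Unicode TR#39, which a production check should load instead.

```python
# Added example: flag hostnames that imitate a Latin name with look-alike
# characters (mixed-script labels, Latin-confusable letters, watched skeletons).
import unicodedata

# Constructed subset of look-alikes; the full list is Unicode TR#39 confusables.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def script_of(ch):
    """Coarse script bucket taken from the first word of the Unicode name.
    ASCII letters are LATIN; digits, hyphen and dot are COMMON."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def skeleton(label):
    """Replace each confusable with its Latin look-alike so a spoof collapses
    onto the name it imitates (a tiny version of the TR#39 skeleton)."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def analyze_hostname(hostname, watch_list=()):
    """Return the hostname, its skeleton, and a list of human-readable findings.
    An empty findings list means nothing suspicious was detected."""
    findings = []
    # Fold compatibility forms (e.g. fullwidth letters) the way IDNA processing
    # does before looking at scripts, so trivial variants do not slip past.
    normalized = unicodedata.normalize("NFKC", hostname).lower()
    for label in normalized.split("."):
        scripts = {script_of(ch) for ch in label} - {"COMMON", "UNKNOWN"}
        if len(scripts) > 1:
            findings.append(f"label '{label}' mixes scripts {sorted(scripts)}")
        if any(ch in CONFUSABLES for ch in label):
            findings.append(f"label '{label}' contains Latin-confusable characters")
    skel = skeleton(normalized)
    if skel != normalized and skel in watch_list:
        findings.append(f"renders like watched name '{skel}'")
    return {"hostname": hostname, "skeleton": skel, "findings": findings}


if __name__ == "__main__":
    # Constructed inputs: the genuine name and one with a Cyrillic first letter.
    for name in ("ebay.com", "\u0435bay.com"):
        print(analyze_hostname(name, watch_list={"ebay.com"}))
```

The mixed-script rule alone is not enough: a label written entirely in Cyrillic look-alikes passes it, which is why the skeleton comparison against a watch list of your own brand names is the more useful signal. Feeding certificate transparency entries through the same check is one way to catch the "valid X.509 certificate for a look-alike name" case the post describes.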

