[47359] in North American Network Operators' Group
RE: DDOS attacks and Large ISPs doing NAT?
daemon@ATHENA.MIT.EDU (Mansey, Jon)
Thu May 2 14:17:17 2002
Message-ID: <43CAA8BAF8A21049B3ABF1A70AED597532EE8D@laxexg01.la.interpacket.net>
From: "Mansey, Jon" <Jon_Mansey@verestar.com>
To: "'Gary E. Miller'" <gem@rellim.com>
Cc: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Thu, 2 May 2002 11:06:33 -0700
MIME-Version: 1.0
Content-Type: text/plain
Errors-To: owner-nanog-outgoing@merit.edu
That would come under the heading of a virus or trojan I believe. And sure
there is no reason a NAT'd cell phone couldnt participate in this type of
attack.
The DDOS discussion is specifically referring to a "live" syn or syn/ack
attack from hosts that respond to connection requests. A NAT'd cell phone
wont, cant ever, respond to an unsolicited connection request.
jm
> -----Original Message-----
> From: Gary E. Miller [mailto:gem@rellim.com]
> Sent: Thursday, May 02, 2002 11:00 AM
> To: Mansey, Jon
> Cc: nanog@merit.edu
> Subject: RE: DDOS attacks and Large ISPs doing NAT?
>
>
> Yo Jon!
>
> On Thu, 2 May 2002, Mansey, Jon wrote:
>
> > To merge these 2 great threads, it is the case is it not
> that NAT is a
> > great way to avoid DDOS problems. I don't even want to imagine what
> > the billing/credit issues would be like if your always-on
> phone with a
> > real IP is used as a zombie in a DDOS. "Hey I didn't use all that
> > traffic last month....etc etc"
>
> Who says a NATed host can not be a zombie? Get the NATed
> host to read an email virus. The virus then coonects to an
> IRC channel that tells the zombie when to spew.
>
> Each phone would not spew much, but imagine you got 100M
> phones to do your DDoS for you...
>
> RGDS
> GARY
> --------------------------------------------------------------
> -------------
> Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
> gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
>
>
