[60045] in North American Network Operators' Group

Re: WANTED: ISPs with DDoS defense solutions

daemon@ATHENA.MIT.EDU (variable@ednet.co.uk)
Wed Jul 30 18:16:32 2003

Date: Wed, 30 Jul 2003 23:15:37 +0100 (BST)
From: variable@ednet.co.uk
To: Mike Tancsa <mike@sentex.net>
Cc: Jared Mauch <jared@puck.nether.net>,
	"nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <5.2.0.9.0.20030730152355.05c652e8@209.112.4.2>
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, 30 Jul 2003, Mike Tancsa wrote:

> I recall one of our users was involved in a DoS once a few years back
> when the "giant pings" could crash MS boxes. The fact that his perceived
> anonymity was removed was enough to keep him from repeating his
> attacks....

That's the heart of the problem.  Anyone who's owned enough boxes can sit 
there happily running a DDoS anonymously against a target because:

1) The OS/software/default settings for a lot of internet-connected 
machines are weak, making it easy to attack from multiple locations.

2) A lot of networks have no customer or egress filtering and make it a 
lot more difficult to trace DDoS traffic because it generally uses faked 
source addresses.

If these issues are addressed then it becomes a lot harder to remain 
anonymous and starting DDoS attacks against targets that can trace you 
becomes a lot less attractive.

Cheers,

Rich

