[60060] in North American Network Operators' Group
Re: WANTED: ISPs with DDoS defense solutions
daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Jul 31 02:13:49 2003
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 31 Jul 2003 06:13:15 +0000
In-Reply-To: <017101c35729$6122c490$812a40c1@PETEX31>
Errors-To: owner-nanog-outgoing@merit.edu
> > 1) The OS/software/default settings for a lot of internet connected
> > machines are weak, making it easy to attack from multiple locations.
> >
> I'll start looking for this to happen when Microsoft manages to release
> an OS version which does not contain remote exploitable flaw before
> the boxes hit the store shelf.

lots of late night pondering tonight.

the anti-nat anti-firewall pure-end-to-end crowd has always argued in
favour of "every host for itself" but in a world with a hundred million
unmanaged but reprogrammable devices is that really practical?

if *all* dsl and cablemodem plants firewalled inbound SYN packets and/or
only permitted inbound UDP in direct response to prior valid outbound UDP,
would rob really have seen a ~140Khost botnet this year?

-- 
Paul Vixie
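
The filtering policy asked about in the message above (drop inbound SYNs, admit inbound UDP only as a reply to earlier outbound UDP), modelled as an added example that is not part of the original post. The class name, the 30-second timeout and all addresses are assumptions; the sample packets are constructed.

```python
from dataclasses import dataclass

UDP_IDLE_TIMEOUT = 30.0  # seconds; assumed, the post names no timeout

@dataclass(frozen=True)
class Packet:
    ts: float            # arrival time in seconds
    direction: str       # "out" = subscriber to internet, "in" = the reverse
    proto: str           # "tcp" or "udp"
    src: tuple           # (ip, port)
    dst: tuple           # (ip, port)
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN", "ACK"}

class SubscriberEdgeFilter:
    """Hypothetical model of the access-plant policy described in the post."""
    def __init__(self, timeout=UDP_IDLE_TIMEOUT):
        self.timeout = timeout
        self.udp_flows = {}   # (inside endpoint, outside endpoint) -> last outbound ts

    def allow(self, p):
        if p.direction == "out":
            if p.proto == "udp":
                self.udp_flows[(p.src, p.dst)] = p.ts   # opens or refreshes the return path
            return True
        if p.proto == "tcp":
            # A bare SYN is an inbound connection attempt; SYN+ACK answers an outbound SYN.
            return not ("SYN" in p.flags and "ACK" not in p.flags)
        if p.proto == "udp":
            last_out = self.udp_flows.get((p.dst, p.src))
            # Only outbound traffic refreshes the entry, so a remote sender
            # cannot hold the return path open by itself.
            return last_out is not None and p.ts - last_out <= self.timeout
        return True   # other protocols are outside the post's proposal; passed here

def run(packets):
    f = SubscriberEdgeFilter()
    return [f.allow(p) for p in packets]

# Constructed sample traffic (documentation address ranges), not captured data.
HOST, DNS, WEB, STRANGER = "192.0.2.10", "198.51.100.53", "198.51.100.80", "203.0.113.7"
SAMPLE = [
    Packet(0.0, "out", "udp", (HOST, 40000), (DNS, 53)),                   # query
    Packet(0.05, "in", "udp", (DNS, 53), (HOST, 40000)),                   # its reply
    Packet(1.0, "in", "udp", (STRANGER, 4000), (HOST, 40000)),             # unsolicited
    Packet(2.0, "in", "tcp", (STRANGER, 5555), (HOST, 80), frozenset({"SYN"})),
    Packet(3.0, "out", "tcp", (HOST, 50000), (WEB, 80), frozenset({"SYN"})),
    Packet(3.1, "in", "tcp", (WEB, 80), (HOST, 50000), frozenset({"SYN", "ACK"})),
    Packet(60.0, "in", "udp", (DNS, 53), (HOST, 40000)),                   # after timeout
]
```

The SYN rule here is stateless, so inbound non-SYN segments for connections the subscriber never opened still pass; only connection setup from outside is blocked.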