[61588] in North American Network Operators' Group
Re: On the back of other 'security' posts....
daemon@ATHENA.MIT.EDU (Jack Bates)
Sat Aug 30 13:39:45 2003
Date: Sat, 30 Aug 2003 12:36:07 -0500
From: Jack Bates <jbates@brightok.net>
To: Owen DeLong <owen@delong.com>
Cc: Matthew Sullivan <matthew@sorbs.net>, nanog@merit.edu
In-Reply-To: <2147483647.1062237820@imac-en0.delong.sj.ca.us>
Errors-To: owner-nanog-outgoing@merit.edu
Owen DeLong wrote:
> Again, I just don't see where an ISP can or should be held liable for
> forwarding what appears to be a correctly formatted datagram with a valid
> destination address. This is the desired behavior and without it, the
> internet stops working. The problem is systems with consistent and
> persistent vulnerabilities. One software company is responsible for
> most of these, and, that would be the best place to concentrate any
> litigation aimed at fixing the problem through liquidated damages.
Most DDoSes come from bots. Bots are installed on all operating systems
and all architectures. I'd be surprised if the packets are all spoofed.
In most DDoS cases these days, they are real IPs and just a high number
of bots.

The person responsible is the bot maintainer. Finding the controller
medium (probably irc) is the hard part, but once done, monitoring who
controls the bots isn't near as hard. Tracking them down can be a bit of
fun, but usually they get lazy about covering tracks at that point. A
few media-enriched prison sentences would be good.
-Jack