[63488] in North American Network Operators' Group
Re: Re[2]: CCO/cisco.com issues.
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Oct 6 19:56:19 2003
To: jlewis@lewis.org
Cc: Allan Liska <allan@allan.org>, Kai Schlichting <kai@pac-rim.net>,
nanog@merit.edu
In-Reply-To: Your message of "Mon, 06 Oct 2003 19:38:38 EDT."
<Pine.LNX.4.44.0310061927350.8137-100000@redhat1.mmaero.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 06 Oct 2003 19:55:34 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1855735732P
Content-Type: text/plain; charset=us-ascii
On Mon, 06 Oct 2003 19:38:38 EDT, jlewis@lewis.org said:
> A handful of people (an assumption on my part) have the power /
> distributed bandwidth to bring just about any internet site/network to its
> knees using the distributed.net meets DoS tools they've created and
> distributed to thousands, perhaps millions of internet connected windows
> boxes.
Zombie networks of 10K or 20K machines all controlled by *one* black
hat are not uncommon now, and I've seen a citation for a single net of 140K.
Let's assume the interesting hosts are on cablemodem, that they have 2Mbit/sec
connectivity, and that one black hat has 10K (if you prefer, he's got 20K but
the rest are on slow links). Now tell me - how many of you have enough
*excess* bandwidth that you can afford not to worry about suddenly being handed
a 200Gbit/sec inbound stream? And if you don't have enough spare capacity,
are you set up to deal with 10K machines attacking, quite possibly with spoofed
addresses because your peers don't ingress filter?
Remember guys - Yahoo got whacked by MafiaBoy using only several hundred
machines. You could be the recipient of a flood 200 times bigger.
And if you're not ready, it won't be an operational issue - it will be a NON-operational
issue, because that's what your network will be....
--==_Exmh_1855735732P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE/ggD1cC3lWbTT17ARAvz0AJ9qZ7rEja2j2rica65AjvVmG8Y0oQCg18Lp
hKpwLPxqa8qwdRpgmgIvicM=
=38w7
-----END PGP SIGNATURE-----
--==_Exmh_1855735732P--
