[68389] in North American Network Operators' Group
RE: Counter DoS
daemon@ATHENA.MIT.EDU (Pendergrass, Greg)
Thu Mar 11 05:04:19 2004
From: "Pendergrass, Greg" <Greg.Pendergrass@vodafone.com>
To: "'Joshua Brady'" <jbrady@neoins.com>, isp-chat@isp-chat.com
Cc: nanog@merit.edu
Date: Thu, 11 Mar 2004 09:59:22 -0000
Errors-To: owner-nanog-outgoing@merit.edu

I can see now that it's only a matter of time before some nut writes "The
Art of War in the Internet". I read the whitepaper, it goes on a lot about
how defensive policies are ineffective but doesn't really say why active
response has never been tried:

A. Most of the time dDOS traffic is from spoofed sources anyway so whichever
machine you "return fire" on is probably not the one that attacked you.
B. NAT translation means a hacker has a tailor-made defense against any
active response.
C. Even if you can directly attack a machine being used against you it's
almost certainly not the perpetrator's box, he/she is sitting half a world
away. The box you intentionally destroy is likely some innocent family PC
that was taken over using some unplugged Windows security hole.
D. Widely deployed active defense will give an attacker a new form of dDOS
attack, spoof the source of the one you want to hit in attacking several
"active defense" systems and watch them attack your target for you.

Their proposition is a terrible idea and their "rules of engagement" would
be funny instead of frightening if it wasn't serious.

GP

-----Original Message-----
From: Joshua Brady [mailto:jbrady@neoins.com]
Sent: 11 March 2004 01:27
To: isp-chat@isp-chat.com
Cc: nanog@merit.edu
Subject: Counter DoS
http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm
Comments?