[90526] in North American Network Operators' Group
Re: Black Frog - the botnets keep coming
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue May 30 13:05:03 2006
To: Alexei Roudnev <alex@relcom.net>
Cc: Suresh Ramasubramanian <ops.lists@gmail.com>,
Fergie <fergdawg@netzero.net>, ge@linuxbox.org, fw@deneb.enyo.de,
nanog@merit.edu
In-Reply-To: Your message of "Tue, 30 May 2006 09:44:49 PDT."
<035001c68408$5e42aab0$6401a8c0@alexh>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 30 May 2006 13:04:12 -0400
Errors-To: owner-nanog@merit.edu
--==_Exmh_1149008652_3454P
Content-Type: text/plain; charset=us-ascii
On Tue, 30 May 2006 09:44:49 PDT, Alexei Roudnev said:
> Netwok must be designed to survive few DDOS attacks easily, by
> auto-isolating and auto-limiting such traffic. Else,
> you will have a serious problems if real traffic became congested (for
> example, everyone rush to download fee iPOD songs).
Mafiaboy hosed down a few big sites - I think he had something like 850
zombies under his control. Today's botnets are averaging some 100x the size.
The problem is cost - the vast majority of sites on the Internet really *can't*
afford the resources needed to withstand the impact of a 100K zombie botnet
or a mention on Slashdot. Even sites with big pipes have to make judgment
calls - our site has enough OC-12's worth of pipe to ride out a small attack.
But at some point, we need to draw the line and say "We're not putting in
another OC-48 until our normal traffic justifies it, and we'll just have to
bet that we don't piss off anybody with an OC-48's worth of zombies".
> Script-kiddies... what's about them, they existed in 199x-th as well and
> they will exist in 201x.
10 years ago, the script-kiddies were armed with the equivalent of switchblade
knives - now they're packing the equivalent of AK-47s and several magazines
of extra ammo.
--==_Exmh_1149008652_3454P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFEfHsMcC3lWbTT17ARAnTWAJ4tqQq/DuenyuTLOGg3l5qUDM825wCg90kJ
Q0mSNQPUiKgO3t2nRqQUgsc=
=9UvL
-----END PGP SIGNATURE-----
--==_Exmh_1149008652_3454P--
