[98706] in North American Network Operators' Group
Re: ONS - The few the proud ... the sleeping
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Aug 15 23:03:29 2007
To: "J. Oquendo" <sil@infiltrated.net>
Cc: =?UTF-8?B?Q2hpbG/DqSBUZW11Y28=?= <dzlboi@gmail.com>, nanog@nanog.org
In-Reply-To: Your message of "Wed, 15 Aug 2007 15:02:07 EDT."
<46C34DAF.4080908@infiltrated.net>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 15 Aug 2007 22:57:39 -0400
Errors-To: owner-nanog@merit.edu
--==_Exmh_1187233059_11310P
Content-Type: text/plain; charset=us-ascii
On Wed, 15 Aug 2007 15:02:07 EDT, "J. Oquendo" said:
> Providers should start caring about what they're carrying. Haven't seen
> one message yet about the hording of "Storm Bot" and what someone is
> doing to nip this at the bud. Who better than the big boys. After all
> what happens when someone launches this botnet at say Mae-East/West or
> some other backbone.
I doubt if anybody would notice a DDoS attack against MAE-East. ;)
And we're unlikely to see many major DDoS attacks against backbones, for
a number of reasons:
1) You need a pretty big hose, or a *lot* of computers to do it.
2) The people with botnets tend to fall into 2 major groups: ankle-biters and pros.
2a) The ankle-biters don't hose down backbones because (1) they don't usually
even know what a backbone is, and (2) they're usually too busy pointing their
DDoS tools at some other ankle-biter or IRC admin that cheesed them off. Yes,
these guys have taken out a few mid-tiers, but it's accidental collateral
damage, not the intended target.
2b) The pros don't hose down backbones, because if a backbone is down, they
can't make money from their now-disconnected botnet.
Yeah, a concerted effort probably *would* take out AS701 or similar. But we
don't see it happen often, because the people who have the ability to do it
also realize that while AS701 is out napping, their other business ventures
are taking a hit from the lost connectivity...
--==_Exmh_1187233059_11310P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFGw70jcC3lWbTT17ARAg80AKCxPDtuEeMh+ar3n8jrvD1SRPtsAQCggATd
iJIPHHdpdNcA4IFmLuJPGsU=
=e6nU
-----END PGP SIGNATURE-----
--==_Exmh_1187233059_11310P--
