
On Mon, 06 Oct 2003 19:38:38 EDT, jlewis@lewis.org said:
> A handful of people (an assumption on my part) have the power / distributed bandwidth to bring just about any internet site/network to its knees using the distributed.net meets DoS tools they've created and distributed to thousands, perhaps millions of internet-connected Windows boxes.
Zombie networks of 10K or 20K machines all controlled by *one* black hat are not uncommon now, and I've seen a citation for a single net of 140K. Let's assume the interesting hosts are on cablemodem, that they have 2Mbit/sec connectivity, and that one black hat has 10K (if you prefer, he's got 20K but the rest are on slow links).

Now tell me - how many of you have enough *excess* bandwidth that you can afford not to worry about suddenly being handed a 200Gbit/sec inbound stream? And if you don't have enough spare capacity, are you set up to deal with 10K machines attacking, quite possibly with spoofed addresses because your peers don't ingress filter?

Remember guys - Yahoo got whacked by MafiaBoy using only several hundred machines. You could be the recipient of a flood 200 times bigger. And if you're not ready, it won't be an operational issue - it will be a NON-operational issue, because that's what your network will be....