Misters, Thank you for your reply. 1) First of all, I am absolutely not related to the Obeseus project. From my point of view, the interesting things were that : a) This project was unknown. http://www.google.com/search?q="obeseus"+"ddos"&btnG=Search&hl=en&esrch=FT1&sa=2 b) This project comes from an ISP. http://www.loud-fat-bloke.co.uk/links.html c) Its code is Open Source. http://www.loud-fat-bloke.co.uk/tools/obeseusvB.tar.gz My conclusion is that I give far more credit to Obeseus than to Arbor Networks. By the way, I am surprised that this post didn't generate more interest given the uninteresting babble that I have been forced to read in the past on the NANOG mailing-list from the so-called "experts". 2) EDoS is a "DDoS 2.0" DDoS is about malicious traffic. EDoS is malicious traffic engineered to look like legitimate one. However, the goal is the same : "to obliterate the service infrastructure", to quote Mister Morrow. 3) I do my homeworks something that doesn't seem to be the case for a lot of people on this mailing-list. a) I would want to highlight the post of Tom Sands, Chief Network Engineer, Rackspace Hosting entitled "DDoS mitigation recommendations" [1]. -It seems evidence that he tried the Arbor solution so the three "Arbor++" mails don't make sense. -About the fourth one : "Sorry but RTFM http://mailman.nanog.org/pipermail/nanog/2010-January/thread.html#16675 Best regards" Hey kid, Tom Sands subscribed nearly a decade ago on the NANOG mailing-list. When you went out of school, he was already dealing with DoS concerns : http://www.mcabee.org/lists/nanog/Jan-02/msg00177.html b) I am really asking myself how much credit I could give to a spam expert, Suresh Ramasubramanian, about a DDoS related post [2]. c) Mister Morrow, even if you are a Network Security engineer at Google [3] (morrowc@google.com) : -You didn't provide any useful feedback on Obeseus. -You totally missed the point on my other mails. This is definitely disappointing. Is this mailing-list a joke ? Especially, where is Roland Dobbins ? Best Regards, Guillaume FORTAINE [1] http://mailman.nanog.org/pipermail/nanog/2010-January/016675.html [2] http://www.hserus.net/ [3] http://www.linkedin.com/in/morrowc On 03/16/2010 03:11 AM, Suresh Ramasubramanian wrote:
I got your point. What I was saying is that what he calls EDoS (and I'm sure he'll say obliterating infrastructure is the ultimate form of an economic dos) is just what goes on ...
You may or may not be able to overload the AWS infrastructure by too many queries but you sure as hell will blow the application out if that ddos isnt filtered .. edos again.
On Tue, Mar 16, 2010 at 7:35 AM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
eh.. I guess I'm splitting hairs. the goal of 100k bots sending 1 query per second to a service that you know can only sustain 50k queries/second is.. not to economically Dos someone, it's to obliterate their service infrastructure.
Sure, you could ALSO target something hosted (for instance) at Amazon-AWS and increase costs by making lots and lots and lots of queries, but that wasn't the point of what Deepak wrote, nor what i corrected.