On Dec 6, 2010, at 2:50 PM, Sean Donelan wrote:
Other than buying lots of bandwidth and scrubber boxes, have any other DDOS attack vectors been stopped or rendered useless during the last decade?
These .pdf presos pretty much express my view of the situation, though I do need to rev the first one: <https://files.me.com/roland.dobbins/y4ykq0> <https://files.me.com/roland.dobbins/k54qkv> <https://files.me.com/roland.dobbins/j0a4sk> The bottom line is that there are BCPs that help, but which many folks don't seem to deploy, and then there's little or no thought at all given to maintaining availability when it comes to server/service/app architecture and operations, except by the major players who'd been through the wringer and invest the time and resources to increase their resilience to attack. Of course, the fundamental flaws in the quarter-century old protocol stack we're running, with all the same problems plus new ones carried over into IPv6, are still there. Couple that with the brittleness, fragility, and insecurity of the DNS & BGP, and the fact that the miscreants have near-infinite resources at their disposal, and the picture isn't pretty. And nowadays, the attackers are even more organized and highly motivated (OC, financial/ideological) and therefore more highly incentivized to innovate, the tools are easy enough for most anyone to make use of them, and tthe services/apps they attack are now of real importance to ordinary people. So, while the state of the art in defense has improved, the state of the art and resources available to the attackers have also dramatically improved, and the overall level of indifference to the importance of maintaining availability is unchanged - so the overall situation itself is considerably worse, IMHO. The only saving grace is that the bad guys often make so much money via identity theft, click-fraud, spam, and corporate/arm's-length governmental espionage that they'd rather keep the networks/services/servers/apps/endpoints up and running so that they can continue to monetize them in other ways. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Sell your computer and buy a guitar.