On Thu, 24 Oct 2002, Richard Forno wrote:
> I'd posit it's impossible to PREVENT a DDOS attack -- as such, as we did when they first manifested themselves in 1999, we need to develop response plans capable of meeting the onslaught and mitigating its impact so that things continue to function, even if they're degraded somewhat.
1999?! Doesn't anybody remember the massive SYN attack against Panix in 1995? Or that tfreak released smurf.c in July of 1997? (And was it fraggle or papasmurf that came the summer of the following year? Whichever one it was, the other came out within six months after that.) And those are just the ones I remember since I moved away from Rutgers and started working in the BBN NOC - I'm sure there were others even before that. (Not counting accidental operational incidents like the AS 7007 routing chaos in 1997 or the AS 8584 identical issue a year later.)

1999 was just when Distributed DoS started getting a little airplay. We'd already had four fruitless years of dealing with DoS attacks by the time that happened.

What would be wonderful is a radical change in the way we think about DoS attacks. It would be fabulous for someone (or a group of someones) to come up with a completely different way to approach the problem. I wish that I could be the person who does that, who sparks that change, but in the seven years I've been thinking about it, nothing's come to mind.

So, seven years of hardening hosts against SYN attacks. Five years of trying to get people to turn off the forwarding of broadcast packets. Three years of botnets generating meg upon meg of crap-bandwidth. Where are the suuuuuper-geniuses?

Kelly J.

--
Kelly J. Cooper - Security Engineer, CISSP
GENUITY - Main # - 800-632-7638
Woburn, MA 01801 - http://www.genuity.net
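The two attack classes the post keeps returning to, SYN floods and smurf (ICMP echo requests sent to a directed-broadcast address so that a whole subnet answers the spoofed victim), both leave a distinctive shape in flow records, which is what a NOC responding to them would look for. The following is an added example and not part of the mailing-list post: it runs simple detection heuristics over constructed, NetFlow-style records. The `Flow` layout, the thresholds, and every address (documentation and private ranges) are assumptions made for the example; the third function also shows the amplifier-side view, the traffic that disabling directed-broadcast forwarding at the border (the "turn off the forwarding of broadcast packets" advice in the post) stops.

```python
"""Flow-based detection heuristics for SYN floods and smurf amplification.
Added example; the Flow record layout, thresholds and addresses are constructed."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str        # "tcp" or "icmp"
    flags: str        # TCP flags as letters ("S", "SA", "A"); "" for ICMP
    icmp_type: int    # 8 = echo request, 0 = echo reply, -1 = not ICMP
    packets: int


def syn_flood_targets(flows, min_unanswered=100, min_ratio=0.9):
    """Destinations where most sources that sent a bare SYN never sent an ACK,
    i.e. the handshakes are left half-open (spoofed or never completed)."""
    syn_src = defaultdict(set)
    ack_src = defaultdict(set)
    for f in flows:
        if f.proto != "tcp":
            continue
        if "S" in f.flags and "A" not in f.flags:
            syn_src[f.dst].add(f.src)
        elif "A" in f.flags:
            ack_src[f.dst].add(f.src)
    hits = []
    for dst, srcs in syn_src.items():
        unanswered = srcs - ack_src[dst]
        if len(unanswered) >= min_unanswered and len(unanswered) / len(srcs) >= min_ratio:
            hits.append(dst)
    return sorted(hits)


def smurf_victims(flows, min_sources=50):
    """Destinations receiving ICMP echo replies from many distinct hosts they
    never sent an echo request to: the victim side of a smurf run."""
    reply_src = defaultdict(set)
    requested = set()  # (requester, responder) pairs seen as echo requests
    for f in flows:
        if f.proto != "icmp":
            continue
        if f.icmp_type == 8:
            requested.add((f.src, f.dst))
        elif f.icmp_type == 0:
            reply_src[f.dst].add(f.src)
    hits = []
    for dst, srcs in reply_src.items():
        unsolicited = {s for s in srcs if (dst, s) not in requested}
        if len(unsolicited) >= min_sources:
            hits.append(dst)
    return sorted(hits)


def directed_broadcast_requests(flows, local_nets):
    """Echo requests addressed to the broadcast address of one of our own
    networks: the amplifier side, which a border router that does not forward
    directed broadcasts never delivers."""
    bcast = {str(ipaddress.ip_network(n).broadcast_address) for n in local_nets}
    return sorted({(f.src, f.dst) for f in flows
                   if f.proto == "icmp" and f.icmp_type == 8 and f.dst in bcast})


def sample_flows():
    """Constructed flow records (not real traffic)."""
    flows = []
    # 30 benign clients complete handshakes with the web server 198.51.100.10
    for i in range(1, 31):
        flows.append(Flow(f"203.0.113.{i}", "198.51.100.10", "tcp", "S", -1, 1))
        flows.append(Flow(f"203.0.113.{i}", "198.51.100.10", "tcp", "A", -1, 6))
    # SYN flood: 500 distinct spoofed sources, one bare SYN each, none ever ACKs
    for i in range(500):
        flows.append(Flow(f"10.{i // 256}.{i % 256}.7", "198.51.100.10", "tcp", "S", -1, 1))
    # smurf: one echo request spoofed from the victim 198.51.100.20 to the
    # 192.0.2.0/24 broadcast address, answered by 200 hosts on that network
    flows.append(Flow("198.51.100.20", "192.0.2.255", "icmp", "", 8, 1))
    for i in range(1, 201):
        flows.append(Flow(f"192.0.2.{i}", "198.51.100.20", "icmp", "", 0, 1))
    # one ordinary ping exchange, which must not be flagged
    flows.append(Flow("203.0.113.5", "198.51.100.20", "icmp", "", 8, 1))
    flows.append(Flow("198.51.100.20", "203.0.113.5", "icmp", "", 0, 1))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print("SYN flood targets:", syn_flood_targets(flows))
    print("smurf victims:", smurf_victims(flows))
    print("directed-broadcast requests:", directed_broadcast_requests(flows, ["192.0.2.0/24"]))
```

The SYN heuristic deliberately keys on distinct unanswered sources rather than raw SYN volume, since a busy but healthy server sees plenty of SYNs that do complete; the smurf heuristic pairs replies with requests so that a legitimate ping exchange is never flagged. On a real collector the thresholds would be tuned to the site's baseline.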