I admit I only made it through half of this guy's page. And barring some of the reactionary speech, I was able to pull some technical content. My question, is this news to anyone? The capabilities of machines will continue to improve, the capabilities of networks will continue to improve [Moore's Law]. (Per my own rule of internet problem solving..) IFF the problem becomes a crisis, massive action will take place (similar to the spam problems in '97) to bring the abuse to a manageable level. This might be egress filtering at aggregation routers. I know most large networks use automated configuration management for their gear, and setting ingress filters from their PPPoE, PPPoA, and dial-up pools that only accept addresses from the likely pool of DHCP addresses wouldn't be too hard and probably a huge first step. I think most attacks (currently) are manageable either in their frequency or their ability to be filtered. IRC servers are an exception, and why many providers will not waste resources hosting small IRC servers. If the problem becomes severe, end-user address filtering will be the biggest single difference. One can draw examples from dialup providers (like MSN) filtering all attempts to connect to port 25 outbound from their dialup pool(s). And the corresponding drop in abuse, not just from them, but as a percentage of the whole. Spamming/attacking will then be left to the world of corporate internet connections and university dorms the way god intended. :) Deepak Jain -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Sean M. Doran Sent: Saturday, June 23, 2001 11:31 AM To: nanog@merit.edu Subject: DDOS anecdotes Some of you may find http://grc.com/dos/grcdos.htm very interesting. Sean.