On Thu, 12 Jul 2001, Brad wrote:
> Here are my thoughts on DDoS:
> -The problem should not be addressed by going after the originators of the attacks, rather a real-time targeting system for those 'compromised' client computers with zombies

I think this approach, while helpful, isn't going to solve anything. I seem to recall an RBL of sorts (Denninger?) for networks that had routers that allowed directed broadcasts, and thus smurf attacks. Cisco also (finally) put it in their default config. Problem solved? Well, smurf attacks are down, but DDoS attacks are way up. Why? Well, you can put a big part of the blame on M$, but my guess is that many of the same perpetrators of those smurf attacks are now operating these bots. I can't help but believe that if even 20% of them were caught and had to spend just a little time (even hours) with the cops, and had their peecees confiscated, you'd not be seeing nearly the problems we are now.

Yes, going after vulnerabilities is good, but you'll never get them all. If you were to go after the source of the attacks, and just got enough to demonstrate that this is a much riskier activity than it is now, I think it would be much more effective. 7-11's aren't built like banks, but those cameras (and tenacious investigations) have drastically reduced holdups.

James Smallacombe
PlantageNet, Inc. CEO and Janitor
up@3.am
http://3.am