Hot Diggety! Jason Slagle was rumored to have wrote:
That is completely NOT the case. Once they cannot take over channels they just like to cause havoc.
We run a server on the Dalnet IRC Network and see SYN floods, Smurfs (Decreasing in frequency), fraggle, modified variants of pepsi and a number of other attacks. Other servers have reported attacks up to 150mbs.
Only way to deal with it is with the FBI really. You can't effectively
Doesn't really scale well. Will the FBI go after those of international origin (non-US)? They have limited resources, as with any federal agency. 5 years ago, when a former employer called the FBI...they'd laugh if the damage incurred wasn't at least USD $1 million. While they do have more funding now for pursuing computer crime - they're still rather stretched, and what does this mean for the smaller sites? Simply that they're screwed with this current model and style of DDOS attacks.

Wish I knew what worked for DDOS attacks - conventional techniques don't seem to work :(

Calling in the FBI is a little like trying to clean up the spilt milk -- doing it well after the damage has already been done. So you bust the perp...someone sitting at a computer on a power trip that got carried away. What then? How are you going to recover >$1M from a single individual (or even a few)? There are *plenty* more waiting in the wings. The numbers just aren't on the side of network operators, alas. Is it also economically feasible to pursue and sue every single perp? No. Will all the NOCs of ISPs along the path help trace in time to bust perps? No. Etc...

Difficult problem. More easily solved with better tools to detect along with some inter-provider cooperation, for the short term. Along with things such as ISPs filtering their egress traffic to avoid rogue spoofing - that has been well known for some time now, but how many are *actually* doing it?

Good thing this isn't wartime, or I'm sure we'd see a dramatic upswing in DOS attacks in general ;)

-Dan