Folks, I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ . In general we've never allowed comments to blog posts on that site; we're currently discussing if we should allow them for this post. I'd love to hear any feedback about the post. Thanks... -- Harlan Stenn <stenn@ntp.org> http://networktimefoundation.org - be a member!
On Feb 20, 2014, at 11:14 PM, Niels Bakker <niels=nanog@bakker.net> wrote:
Don't invent new terms like DrDos.
+1 ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
----- Original Message -----
From: "Roland Dobbins" <rdobbins@arbor.net>
On Feb 20, 2014, at 11:14 PM, Niels Bakker <niels=nanog@bakker.net> wrote:
Don't invent new terms like DrDos.
+1
What? Digital Research's MS-DOS clone is attacking things? Cheers, -- jr ':-)' a -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
That's not a new term. http://en.wikipedia.org/wiki/DRDOS DRDoS, a type of network attack named Distributed Reflection Denial of Service. http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflec... On 2/20/2014 11:14 AM, Niels Bakker wrote:
* stenn@ntp.org (Harlan Stenn) [Thu 20 Feb 2014, 00:38 CET]:
I'd love to hear any feedback about the post.
Don't invent new terms like DrDos.
-- Niels.
Yes, it was also used here https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-pre... But still, it's just a DDoS. -----Message d'origine----- De : Brian Rak [mailto:brak@gameservers.com] Envoyé : jeudi 20 février 2014 17:24 À : nanog@nanog.org Objet : Re: NTP DRDos Blog post That's not a new term. http://en.wikipedia.org/wiki/DRDOS DRDoS, a type of network attack named Distributed Reflection Denial of Service. http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflec... On 2/20/2014 11:14 AM, Niels Bakker wrote:
* stenn@ntp.org (Harlan Stenn) [Thu 20 Feb 2014, 00:38 CET]:
I'd love to hear any feedback about the post.
Don't invent new terms like DrDos.
-- Niels.
_________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
On Feb 20, 2014, at 11:29 PM, <antoine.meillet@orange.com> <antoine.meillet@orange.com> wrote:
Yes, it was also used here https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-pre...
That's still meaningless. The term of art is 'reflection/amplification attack', as in 'ntp reflection/amplification attack' or 'DNS reflection/amplification attack'. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
On Feb 20, 2014, at 11:23 PM, Brian Rak <brak@gameservers.com> wrote:
That's not a new term.
It isn't used by folks involved in operational security. It's a marketing term. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
On Feb 20, 2014, at 11:34 AM, Dobbins, Roland <rdobbins@arbor.net> wrote:
On Feb 20, 2014, at 11:23 PM, Brian Rak <brak@gameservers.com> wrote:
That's not a new term.
It isn't used by folks involved in operational security. It's a marketing term.
I'll split the difference, folks in operational security dislike the term as they feel it's inaccurate. They tend to think it's marketing vs operational related. Reflection attacks are considered a sub-type of DoS/DDoS and do not require a new term. It's the same problem folks have with absolute terms like "Unlimited Data" with the asterisk. Can I direct the knife-fights about that part off-list? :) (and preferably exclude me, i get enough email). - jared
On 2/20/2014 9:17 AM, Jared Mauch wrote:
I'll split the difference, folks in operational security dislike the term as they feel it's inaccurate. They tend to think it's marketing vs operational related.
Reflection attacks are considered a sub-type of DoS/DDoS and do not require a new term. It's the same problem folks have with absolute terms like "Unlimited Data" with the asterisk.
Can I direct the knife-fights about that part off-list? :) (and preferably exclude me, i get enough email).
This is not a new term (certainly >12yo) and one that I see as useful, just as it is useful to differentiate between a DoS and a DDoS. That extra "D" tells you that it's "distributed". Add an "R" and now it's "reflected" -- an important difference. If it's seen as being recently co-opted and misused by marketing people, then that's a shame. But its practicality trumps that in my eyes. And I am definitely on the operational security side here. I do generally prefer "X reflection/amplification attack", as Roland suggested, as it is more specific. -John
On Feb 21, 2014, at 2:37 AM, John <jw@nuclearfallout.net> wrote:
This is not a new term (certainly >12yo)
Actually, it's much more recent than that (in this context; as others have mentioned, DR-DOS was the acronym for Digital Research's MS-DOS clone). But I'm going to stop posting about this, now, as Jared suggested. ;> ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
On 2/20/2014 11:43 AM, Dobbins, Roland wrote:
Actually, it's much more recent than that (in this context; as others have mentioned, DR-DOS was the acronym for Digital Research's MS-DOS clone).
I didn't just pluck that 12y term out of the air. I know how much Gibson is hated in some circles, but he used it in 2002: http://homes.cs.washington.edu/~arvind/cs425/doc/drdos.pdf. I read that in 2002, did other research about it in 2002, saw reflected attacks in 2002. Yes, I used DRDOS, too. -John
On Feb 21, 2014, at 2:51 AM, John <jw@nuclearfallout.net> wrote:
I know how much Gibson is hated in some circles,
He isn't/wasn't part of the operational community. It sure looks like you're right, he coined it then - as a marketing term, for marketing himself, heh. Maybe that's one of the reasons it's so disliked. ;>
I read that in 2002, did other research about it in 2002, saw reflected attacks in 2002.
I saw reflected/amplified attacks in 2002, too, and that's what I called them. So did everyone else I worked with to mitigate them, heh. And I'm really going to shut up about this, now. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
On Thu, 20 Feb 2014, Brian Rak wrote:
That's not a new term.
http://en.wikipedia.org/wiki/DRDOS DRDoS, a type of network attack named Distributed Reflection Denial of Service. http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflec...
Or Digital Research Disk Operating System...if you're old enough. Who knew DRDOS would become popular [again]? ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Feb 20, 2014, at 11:43 AM, Jon Lewis <jlewis@lewis.org> wrote:
On Thu, 20 Feb 2014, Brian Rak wrote:
That's not a new term.
http://en.wikipedia.org/wiki/DRDOS DRDoS, a type of network attack named Distributed Reflection Denial of Service. http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Reflec...
Or Digital Research Disk Operating System...if you're old enough. Who knew DRDOS would become popular [again]?
I had wondered what the problem was, older than age, with anyone trying to run DRDOS. It should fit in the memory and cpu footprint of a modern toaster. -d ----- Dan Shoop shoop@iwiring.net 1-646-402-5293 (GoogleVoice)
Hello Harlen , On Wed, 19 Feb 2014, Harlan Stenn wrote:
Folks, I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ . wget http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ --2014-02-20 15:03:13-- http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ Resolving nwtime.org (nwtime.org)... 140.211.15.245 Connecting to nwtime.org (nwtime.org)|140.211.15.245|:80... failed: Connection refused.
I get the same type message from 3 differant sytems that I have access from & three differant browsers . Did the url change or get locked down ? Tia , JimL
In general we've never allowed comments to blog posts on that site; we're currently discussing if we should allow them for this post. I'd love to hear any feedback about the post. Thanks...
-- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 3237 Holden Road | Give me Linux | | babydr@baby-dragons.com | Fairbanks, AK. 99709 | only on AXP | +------------------------------------------------------------------+
I was seeing database connect errors earlier. I suspect the host resources are limited. Jared Mauch
On Feb 20, 2014, at 7:05 PM, "Mr. James W. Laferriere" <babydr@baby-dragons.com> wrote:
Hello Harlen ,
On Wed, 19 Feb 2014, Harlan Stenn wrote: Folks, I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ . wget http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ --2014-02-20 15:03:13-- http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ Resolving nwtime.org (nwtime.org)... 140.211.15.245 Connecting to nwtime.org (nwtime.org)|140.211.15.245|:80... failed: Connection refused.
I get the same type message from 3 differant sytems that I have access from & three differant browsers . Did the url change or get locked down ? Tia , JimL
In general we've never allowed comments to blog posts on that site; we're currently discussing if we should allow them for this post. I'd love to hear any feedback about the post. Thanks...
-- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 3237 Holden Road | Give me Linux | | babydr@baby-dragons.com | Fairbanks, AK. 99709 | only on AXP | +------------------------------------------------------------------+
On 2/20/2014 7:05 PM, Mr. James W. Laferriere wrote:
Hello Harlen ,
On Wed, 19 Feb 2014, Harlan Stenn wrote:
Folks, I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ . wget http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ --2014-02-20 15:03:13-- http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ Resolving nwtime.org (nwtime.org)... 140.211.15.245 Connecting to nwtime.org (nwtime.org)|140.211.15.245|:80... failed: Connection refused.
I get the same type message from 3 differant sytems that I have access from & three differant browsers . Did the url change or get locked down ? Tia , JimL
I can't get to any part of the nwtime.org web site. Google has a cached copy of the article. Search for "site:nwtime.org ntp drdos attacks" -DMM
In general we've never allowed comments to blog posts on that site; we're currently discussing if we should allow them for this post. I'd love to hear any feedback about the post. Thanks...
participants (13)
-
antoine.meillet@orange.com
-
Brian Rak
-
Dan Shoop
-
David Miller
-
deleskie@gmail.com
-
Dobbins, Roland
-
Harlan Stenn
-
Jared Mauch
-
Jay Ashworth
-
John
-
Jon Lewis
-
Mr. James W. Laferriere
-
Niels Bakker