Re: Is there a line of defense against Distributed Reflective attacks?
In message <Pine.GSO.4.44.0301182004040.16112-100000@clifden.donelan.com>, Sean Donelan writes:
On Sat, 18 Jan 2003, Steven M. Bellovin wrote:
theory, trace a single packet. But the real problem with either idea is this: suppose that you know, unambiguously and unequivocally, that 750 zombies are attacking you. What do you do with that information?
The reality is it's not 750 zombies, it's generally one person controlling 750 zombies attacking you.
Right -- and neither itrace nor hash-based tracing are going to solve that:
3) Find and convict the true attacker
Hash-based trace might help on that, *if* there was recording of the packets to the zombies. But doing that ubiquitously might -- would? -- turn the Internet into a surveillance state.
2) Track and stop DDOS quickly when it does happen
That's the point of pushback.
So how do we 1) Make end-user systems less vulnerable to being compromised
That's my real goal...

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
On Sat, 18 Jan 2003, Steven M. Bellovin wrote:
3) Find and convict the true attacker
Hash-based trace might help on that, *if* there was recording of the packets to the zombies. But doing that ubiquitously might -- would? -- turn the Internet into a surveillance state.
Yep, the hard question isn't if we can, but if we should. We have the advantage of Casino Network Traffic Analysis: the longer you play, the odds favor the house. Tracking a single packet is difficult. But when the player keeps returning, eventually you can find them. Traffic analysis doesn't require looking at every packet, or even beyond the packet header.

Starting with the 750 zombies and slowly working backwards is time consuming and expensive. On the other hand, putting a few thousand taps in the network is getting easier all the time. Vendors are including more Network Intrusion Detection features in their products. Most of the DDOS products on the market today include some type of traffic flow monitoring. With the right incentives, I'm sure the vendors can improve their products.

But then we get to the unintended consequences. Once you collect the traffic data, who else will want to use it for other things? I'm not just talking about the government, but also divorce lawyers wanting dirt on spouses, companies tracking and silencing critics, or even hackers getting the records.
2) Track and stop DDOS quickly when it does happen
That's the point of pushback.
Triggered black holes, pushback, etc will help. But reactive measures aren't a complete answer.
So how do we 1) Make end-user systems less vulnerable to being compromised
That's my real goal...
What incentive does the end-user have to use secure systems? Should Microsoft, Sun, Sendmail Inc or ISC be required to send a technician out to fix every defective system they released? Why should the ISP be held accountable for the defects created by others? Car makers have to fix defective cars, not the highway department.
Without jumping into this discussion, I would like to make the point that if a car on the highway drops something... a pebble, a window, tacks, or any other item on the highway that is potentially hazardous or inconvenient to others who want to use that highway... the car manufacturer doesn't come out, the highway department does. As long as the car _moves_ under its own power across the highway, it's essentially not the car manufacturers' (or the consumers') immediate concern.

Deepak Jain
AiNET
On Mon, Jan 20, 2003 at 12:25:27AM -0500, Deepak Jain mooed:
As long as the car _moves_ under its own power across the highway, it's essentially not the car manufacturers' (or the consumers') immediate concern.

That's really not true. Before car companies sell cars, they pass (lots of) safety certification tests. Before owners drive cars legally, they pass a safety and emissions test. Sure, the highway folks clean up after the occasional tire blowout, but there's been a lot of work put in to make sure that the engines aren't going to drop out on a regular basis. If the Internet was a highway, it would be covered in burned-out engines.

-Dave
--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
I do not accept unsolicited commercial email. Do not spam me.
If the Internet was a highway, it would be covered in burned-out engines.
True, in the literal sense. 1) Software companies and hardware manufacturers have their own QA, focus groups and eval processes. Since very few people will die in the event of a burned-out engine on the Internet, determination of the value of these things is up to the reader. An internal combustion engine is a much older, more widely tested thing than the "cars" we drive on the Internet and it figures that in reliability/safety numbers they win. The motherboards don't blow out, and the asphalt that makes the Internet highway works too (generally).

DJ
at Monday, January 20, 2003 5:25 AM, Deepak Jain <deepak@ai.net> was seen to say:
As long as the car _moves_ under its own power across the highway, it's essentially not the car manufacturers' (or the consumers') immediate concern.

I would assume though, that if a particular model of car were frequently shedding dangerous fragments onto the road due to design flaws, the highway department might expect something to be done to fix the cars and save them all that work and expense.
I particularly enjoyed my time in (Northern) Europe due to the cleanliness of the streets and parking lots. No pools of dripped fluids in every space. Made motorcycle riding much more enjoyable. Rather strict inspection requirements then. If your car had visible drips when inspected underneath or corrosion (rust spots where probed with screwdrivers; if it went through, no pass), you didn't pass. Analogies to hardware/software are left as an exercise for the reader. Of course, this system was subject to the same issues any consumer system has. Market conditions still applied.

Best regards,
______________________________
Al Rowland

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of David Howe
Sent: Monday, January 20, 2003 2:40 AM
To: Email List: nanog
Subject: Re: Is there a line of defense against Distributed Reflective attacks?
SNIP
I would assume though, that if a particular model of car were frequently shedding dangerous fragments onto the road due to design flaws, the highway department might expect something to be done to fix the cars and save them all that work and expense.