So what do we do about it? There are 10s of thousands of "0wned" machines out there. 10.000 machines sending one SYN per second to somewhere constitutes a 6mbit SYN flood that'll make almost any web server get into trouble. 10 SYNs per second and we're really talking traffic here. From spoofed sources because ISPs do not source address filter? Gah. Basically untraceable.
Wouldn't it be poetic justice if/when these "Owned" Windoze machines turn their attentions to www.microsoft.com? That would get Microsoft's attention. I don't care how big their pipes or how widely distributed their servers. A DDOS like this would be devastating.
On Sat, 23 Jun 2001 16:11:56 PDT, Bohdan Tashchuk <tashchuk@easystreet.com> said:
> Wouldn't it be poetic justice if/when these "Owned" Windoze machines turn their attentions to www.microsoft.com?
> That would get Microsoft's attention. I don't care how big their pipes or how widely distributed their servers. A DDOS like this would be devastating.
Doubtful. I believe they got DDOS'ed while trying to come back online from their "router misconfiguration" problem a few months ago. I've always suspected their "misconfiguration" was a response to another DDOS (but can't prove it). If Microsoft hasn't been infested with VB Outlook worms already, they're probably the only shop using their software that hasn't.
No, it's already gotten their attention. The high rate that they ship new fixes for security holes in their software demonstrates their renewed dedication to quality software security - they even shipped one recent fix 3 times just to be sure they got it right. They've declared war on this stuff, and are determined to get it right. After all, they'll never get their .NET stuff to fly if people don't trust their software, will they?
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech