nanog mailing list archives
Re: WANTED: ISPs with DDoS defense solutions
From: Paul Vixie <vixie () vix com>
Date: 06 Aug 2003 00:58:19 +0000
More and more there is less and less spoofing, its just not required and it causes more damage with less effort :( Why spoof when you have 1000 machines pumping 1 packet per second? (or 10)
leaving the spoofing option open for future generations of attacks, rather than having a witch-hunt and tracking down and upgrading every insecure edge, is just about the worst thing we could do. because when an attacker wants an extra edge, they'll add spoofing to their attack profile, and the core's immune system will be totally unprepared. knowing this, and knowing that spoofing isn't actually necessary right now, the current generation of attackers would be well advised to stop spoofing for a while so that nobody makes any serious attempt to plug the hole. (and, it sounds like that strategy might already be working.) could someone here who can write win32 apps, and someone else who can write cocoa apps, please volunteer short executables that will try to spoof a few packets through some well known server, and then report as to whether the current computer/firewall/cablemodem/isp/core permitted this or not? isc would be happy to host the server component of this, as long as source code for the executables is available under a bsd style copyright, and the executables are released without any fee. this is so the community can gather compelling evidence for the witch-hunt. (i expect we'd have to come up with a "web button" campaign to brand isp's who dtrt. sort of like the old squid-era "cache now!" thing.) -- Paul Vixie
Current thread:
- Re: WANTED: ISPs with DDoS defense solutions, (continued)
- Re: WANTED: ISPs with DDoS defense solutions bdragon (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Hank Nussbacher (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Jared Mauch (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Vadim Antonov (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Mike Tancsa (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Barney Wolff (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Jason Robertson (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions David G. Andersen (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions bdragon (Aug 04)