nanog mailing list archives

Re: Over a decade of DDOS--any progress yet?

From: Arturo Servin <arturo.servin () gmail com>
Date: Wed, 8 Dec 2010 10:28:34 -0200


        One big problem (IMHO) of DDoS is that sources (the host of botnets) may be completely unaware that they are 
part of a DDoS. I do not mean the bot machine, I mean the ISP connecting those.

        In the other hand the target of a DDoS cannot do anything to stop to attack besides adding more BW or 
contacting one by one the whole path of providers to try to minimize the effect. 

        I know that this has many security concerns, but would it be good a signalling protocol between ISPs to inform 
the sources of a DDoS attack in order to take semiautomatic actions to rate-limit the traffic as close as the source? 
Of course that this is more complex that these three or two lines, but I wonder if this has been considerer in the past.

Regards.
-as



On 8 Dec 2010, at 10:00, nanog-request () nanog org wrote:

Date: Wed, 8 Dec 2010 10:58:38 +0000
From: bmanning () vacation karoshi com
Subject: Re: Over a decade of DDOS--any progress yet?
To: "Dobbins, Roland" <rdobbins () arbor net>
Cc: North American Operators' Group <nanog () nanog org>
Message-ID: <20101208105838.GD5841 () vacation karoshi com.>
Content-Type: text/plain; charset=us-ascii

actually, botnets are an artifact.  claiming that the tool is the problem
might be a bit short sighted.  with the evolution of Internet technologies
(IoT) i suspect botnet-like structures to become much more prevelent and 
useful for things other than coordinated attacks.

just another PoV.

--bill

On Wed, Dec 08, 2010 at 04:46:13AM +0000, Dobbins, Roland wrote:


On Dec 8, 2010, at 11:26 AM, Sean Donelan wrote:

Other than trying to hide your real address, what can be done to prevent DDOS in the first place.



DDoS is just a symptom.  The problem is botnets.  

Preventing hosts from becoming bots in the first place and taking down existing botnets is the only way to actually 
*prevent* DDoS attacks.  Note that prevention is distinct from *defending* oneself against DDoS attacks.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

            Sell your computer and buy a guitar.

Current thread:

Re: Over a decade of DDOS--any progress yet?, (continued)
- - - Re: Over a decade of DDOS--any progress yet? Adrian Chadd (Dec 07)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 07)
    - Re: Over a decade of DDOS--any progress yet? Adrian Chadd (Dec 07)
    - Re: Over a decade of DDOS--any progress yet? bmanning (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Thomas Mangin (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 06)
- Re: Over a decade of DDOS--any progress yet? James Hess (Dec 07)
- Re: Over a decade of DDOS--any progress yet? Jed Smith (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Arturo Servin (Dec 08)
  - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
  - Re: Over a decade of DDOS--any progress yet? JC Dill (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Seth Mattinen (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Curtis Maurand (Dec 09)
    - Re: Over a decade of DDOS--any progress yet? Greg Whynott (Dec 09)
    - Re: Over a decade of DDOS--any progress yet? Simon Leinen (Dec 11)
    - Re: [nanog] Re: Over a decade of DDOS--any progress yet? Aaron Peterson (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Valdis . Kletnieks (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? JC Dill (Dec 08)

(Thread continues...)