Re: the expensive way to do DDoS ?

[Ryan Russell <ryan () securityfocus com>]

On Mon, 21 Feb 100, Darren Reed wrote:

> If you had money to burn, how many el-cheapo pc's would you need to install
> at POP's around the world such that you had a virtual army out there that
> was yours and from which you could send forged packets whenever you like?
> (just how many ISPs are going to bother checking, eh?)  All you have to do
> is muddy the path of who the ISP thinks owns those boxes and yourself in the
> event that someone works out which boxes the packets are actually coming
> from...would 1000 be enough ?  (Are there even that many POPs ? :)  Maybe
> too expensive for a teenage hacker, but not the mafia, CIA, etc.

By POPs, I assume you mean more than dial-up.  Under optimal conditions,
1000 PCs at (at most) 40k upstream can do 40Mb of damage.  Not really
enough to match what we saw recently.  If they're all behind cable/DSL,
that would do it.

I don't think that scneraio is particularly interesting for a number of
reasons:  It's too time consuming to set up that many connections,
purchase PCs, etc..  It's too expensive, as opposed to stealing from other
people's resources, and it's a whole lot less anonymous.  I'd be better
off buying a few giant machines, and an OC-12, etc.. under a false name,
and abandoning the NOC.  Much cheaper and quicker to set up, but it would
get shut down faster, so it would depend on the duration of attack I
needed.

                                        Ryan