Firewall Wizards mailing list archives

Re: the expensive way to do DDoS ?


From: Darren Reed <darrenr () reed wattle id au>
Date: Wed, 23 Feb 100 11:05:58 +1100 (EST)

In some email I received from Ryan Russell, sie wrote:

> On Mon, 21 Feb 100, Darren Reed wrote:
>
>> If you had money to burn, how many el-cheapo pc's would you need to install
>> at POP's around the world such that you had a virtual army out there that
>> was yours and from which you could send forged packets whenever you like?
>> (just how many ISPs are going to bother checking, eh?)  All you have to do
>> is muddy the path of who the ISP thinks owns those boxes and yourself in the
>> event that someone works out which boxes the packets are actually coming
>> from...would 1000 be enough ?  (Are there even that many POPs ? :)  Maybe
>> too expensive for a teenage hacker, but not the mafia, CIA, etc.
>
> By POPs, I assume you mean more than dial-up.  Under optimal conditions,
> 1000 PCs at (at most) 40k upstream can do 40Mb of damage.  Not really
> enough to match what we saw recently.  If they're all behind cable/DSL,
> that would do it.

I'm thinking 1000 PC's, each at a POP that's at least T1 connected...

And remember, in this, you don't need big fat pipes at the attacking
end if the other guy only has a small one.  High profile sites which
generate a large amount of traffic are fewer in number.

If I wanted to get into strong-arm tactics on the 'net, maybe I'd send
you an email saying "send me $1000 each month or I'll flood
securityfocus.com off the 'net".  Chances are I don't need an OC-12 to
flood your link (I know that's not needed at _my_ end :*).

If I do that to say 1000 small dot-com sites, maybe recouping my costs
wouldn't take that long....if that were my game.

But I think you missed my point about which organisations would likely
deploy this kind of solution.  After all, if the KGB is allegedly doing
something similar for eavesdropping, it can't be that prohibitive in terms
of cost...

Darren


