Re: Flash Worms

[Dragos Ruiu <dr () kyx net>]

On Sat, 18 Aug 2001, jaywhy wrote:
> It really wouldn't matter even if you only got to 20%, 10% or even 5% of the
> vulnerable hosts.  Those computer running a DDOS attack against anything
> would completely destroy it.

Uhm, no, imho.

Even if you have 10% of the internet it still makes a big difference 
which 10% you have (and which internet ;-), and where your target 
is, and how their network is, ahem, misdesigned (if a 14y old is 
gonna blow it up :-) , and what your route(s)  to the target are.

The DDoSability of a network is a big function of it's design.
> From my tests, and barring me playing around with custom
worm test races (Exhibition event at the next Olympics? :-),
in ddos there seem to be a few big factors: the cleverness 
of the transmitter design, the oompf of the tx vs. rx, (os cpu 
nic everything), and the sizes and bottlenecks of the pipes 
in between. As the people who run heavily dossed servers
have alredy evolved, by careful network design and multiple
peering and redundant facilities you can make your network 
very D/DoSsurvivable.

cheers,
--dr

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com