nanog mailing list archives

Re: Make Ingress Filtering the LAW for all ISPs!


From: Patrick Greenwell <patrick () cybernothing org>
Date: Fri, 11 Feb 2000 08:17:07 -0800 (PST)


On Fri, 11 Feb 2000, Sam Thomas wrote:


On Wed, Mar 19, 2036 at 12:35:53PM -0700, Toplez Razer wrote:

It should eliminate 99.9% of DOS attacks!

get off my soapbox! :-)

unfortunately, the new breed of ddos is even naughtier than smurf. it relies
on compromised hosts on which a daemon is placed to listen to requests, and
begin flooding someone else's network. really quite effective, and there
isn't just a whole lot of router magic that can save our butts from this.
good host security is absolutely essential to prevent the problem, and it's
not something where a bunch of rogue geeks can go around pointing fingers
and "blacklisting" potential middle-men as easily as they've done with
smurf and friends.

The number of such incidents could be greatly reduced if regular security 
audits by competent individuals were performed before shipping software. I
truly believe that many folks have it backwards: It's not the
admins of the "250,000 hosts" that need to be educated as much as it is 
the (by comparison) handful of software manufacturers. Most of these
attacks are successful because the majority of people seem to run "out of
the box" configurations. This should serve to indicate that "out of the
box" is woefully inadequate (being responsible for locking down boxes on a
regular basis I can attest to that...)


/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
                               Patrick Greenwell                          
                       Earth is a single point of failure.
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/



