nanog mailing list archives
RE: DDOS anecdotes
From: Mikael Abrahamsson <swmike () swm pp se>
Date: Sat, 23 Jun 2001 20:04:06 +0200 (CEST)
On Sat, 23 Jun 2001, Vivien M. wrote:
> We ended up concluding that Mr. Gibson's main goal is the distribution of large quantities of FUD. It seems, I might add, that Mr. Gibson is
That might be so. I got this link approx 8 hours before I saw it on NANOG-l when I was investigating just this kind of thing he's talking about. I got in thru the irc-admin perspective though, saw a couple of clients that seemed to have things in common, sniffed some traffic, found a channel on IRCnet that was dedicated to whatever purpose these 100 or so clients/machines were up to. Talked to the "grand master" who approached me when I and a fellow IRC admin started throwing off his "bots" (he actually called them bots and then changed his mind that they were clients).

This is a real problem. It's not FUD. Microsoft's choice to include full IP stack capabilities will make the problem worse, but I do not blame their IP stack for this like Mr Gibson does though.

So what do we do about it? There are tens of thousands of "0wned" machines out there. 10.000 machines sending one SYN per second to somewhere constitutes a 6mbit SYN flood that'll make almost any web server get into trouble. 10 SYNs per second and we're really talking traffic here. From spoofed sources because ISPs do not source address filter? Gah. Basically untraceable.

I know a few people have been put in jail for these kinds of activities. I'd say it's not enough though. We might blame parents, society, whatever, but the question remains: What do we do about it?

I saw figures that there are over 9 million homes in the US with "broadband internet access". This is going to 10fold in the next few years, worldwide we might have a couple of 100 million computers "always-on" in a few years. 95% (or more) of them running Microsoft OS, by people who have no idea how to secure it etc.

What should we do?

--
Mikael Abrahamsson    email: swmike () swm pp se