Re: Effective ways to deal with DDoS attacks?

[Vadim Antonov <avg () exigengroup com>]

On Thu, 2 May 2002, Christopher L. Morrow wrote:

> 1) I hack connected ISP X
> 2) I inject www.ebay.com /32 blackhole route
> 3) no more ebay
>
> I use ebay as an example of course, I wouldn't want them harmed cause how
> would I be able to buy all that nice routing gear at bargain basement
> prices without them? :)

Replace steps 2 and 3 with:

2) I route all packets going to Ebay to my box
3) I have my box to connect to real Ebay using passwords folks connecting 
   to my man-in-the-middle box (how many of them have a clue to carefully 
   look to the "SSL in use" icon anyway?)
4) I have the mershandise they bought shipped to me; and steal their CC 
   numbers in the process.

There are endless variations on the theme.  Access to the routing 
infrastructure _MUST_ be tightly controlled.

Intercepting traffic to root NSes is even more fun :)  And, Satan bless
the folks who want to let Unicode into DNS names, having many visually
indistinguishable "ebay.com"s is a breeze, so one can get valid X.509
certificates for those undistinguishable "ebays", too.

--vadim