nanog mailing list archives

Re: WANTED: ISPs with DDoS defense solutions


From: "Christopher L. Morrow" <chris () UU NET>
Date: Wed, 30 Jul 2003 22:37:21 +0000 (GMT)



On Wed, 30 Jul 2003 variable () ednet co uk wrote:


On Wed, 30 Jul 2003, Mike Tancsa wrote:

I recall one of our users was involved in a DoS once a few years back
when the "giant pings" could crash MS boxes. The fact that his perceived
anonymity was removed was enough to keep him from repeating his
attacks....

If these issues are addressed then it becomes a lot harder to remain
anonymous and starting DDoS attacks against targets that can trace you
becomes a lot less attractive.


Sure, trace my attacks to the linux box at UW, I didn't spoof the flood
and you can prove I did the attacking how? You can't because I and 7 other
hackers all are fighting each other over ownership of the poor UW student
schlep's computer...

The problem isn't the network, nor the filtering/lack-of-filtering, it's a
basic end host security problem. Until that is resolved, the ability of
attackers to own boxes in remote locations and use them for malfeasance
will continue to haunt us. I would guess that the other owners of the
machines attacking Mike (assuming they got the emails he sent... big
assumption) probably said: "Great another person getting attacked from
that joker's win2k machine, hurray:(" and moved on about their business.
They know that they can't get the end user to secure their machine and
they know that if they get him/her to reload the OS or 'clean' it of the
'virus' the problem will arise anew within 17 minutes :(

I'm all for raising the bar on attackers and having end networks implement
proper source filtering, but even with that 1000 nt machines pinging 2
packets per second is still enough to destroy a T1 customer, and likely
with 1500 byte packets a T3 customer as well. You can't stop this without
addressing the host security problem...

Cheers,

Rich


