nanog mailing list archives

Re: WANTED: ISPs with DDoS defense solutions


From: Paul Vixie <vixie () vix com>
Date: 31 Jul 2003 06:13:15 +0000


1) The OS/software/default settings for a lot of internet connected
machines are weak, making it easy to attack from multiple locations.

I'll start looking for this to happen when Microsoft manages to release
an OS version which does not contain a remotely exploitable flaw before
the boxes hit the store shelf.

lots of late night pondering tonight.

the anti-nat anti-firewall pure-end-to-end crowd has always argued in
favour of "every host for itself" but in a world with a hundred million
unmanaged but reprogrammable devices is that really practical?

if *all* dsl and cablemodem plants firewalled inbound SYN packets and/or
only permitted inbound UDP in direct response to prior valid outbound UDP,
would rob really have seen a ~140Khost botnet this year?
-- 
Paul Vixie
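
The access-edge policy the message asks about (drop inbound SYN, admit inbound UDP only as a reply to earlier outbound UDP), modelled as an added example that is not part of the original post. The class and field names, the 30-second idle timeout and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass

UDP_IDLE_TIMEOUT = 30.0  # seconds; assumed value, the post does not name one

@dataclass(frozen=True)
class Packet:
    ts: float              # arrival time in seconds
    direction: str         # "in" or "out", relative to the subscriber
    proto: str             # "tcp" or "udp"
    inside: tuple          # (ip, port) on the subscriber side
    outside: tuple         # (ip, port) on the internet side
    flags: frozenset = frozenset()

class EdgeFilter:
    """Hypothetical access-edge policy: no inbound SYN, reply-only inbound UDP."""
    def __init__(self, timeout=UDP_IDLE_TIMEOUT):
        self.timeout = timeout
        self.udp_flows = {}    # (inside, outside) -> time of last outbound datagram

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.proto == "udp":
                self.udp_flows[(pkt.inside, pkt.outside)] = pkt.ts
            return True
        if pkt.proto == "tcp":
            # A bare SYN opens a connection toward the subscriber: drop it.
            # SYN+ACK answers a SYN the subscriber sent, so it passes.
            return not ("SYN" in pkt.flags and "ACK" not in pkt.flags)
        if pkt.proto == "udp":
            last = self.udp_flows.get((pkt.inside, pkt.outside))
            return last is not None and pkt.ts - last <= self.timeout
        return False           # anything else inbound is dropped

HOST, DNS, WEB, STRANGER = "192.0.2.10", "198.51.100.53", "198.51.100.80", "203.0.113.7"
S, SA = frozenset({"SYN"}), frozenset({"SYN", "ACK"})
SAMPLE = [  # constructed traffic, documentation address ranges
    Packet(0.0, "out", "udp", (HOST, 40000), (DNS, 53)),
    Packet(0.05, "in", "udp", (HOST, 40000), (DNS, 53)),       # reply
    Packet(1.0, "in", "udp", (HOST, 40000), (STRANGER, 53)),   # unsolicited
    Packet(2.0, "in", "tcp", (HOST, 445), (STRANGER, 55555), S),
    Packet(3.0, "out", "tcp", (HOST, 40001), (WEB, 80), S),
    Packet(3.1, "in", "tcp", (HOST, 40001), (WEB, 80), SA),
    Packet(60.0, "in", "udp", (HOST, 40000), (DNS, 53)),       # flow expired
]

def run_sample():
    fw = EdgeFilter()
    return [fw.allow(p) for p in SAMPLE]

if __name__ == "__main__":
    for p, ok in zip(SAMPLE, run_sample()):
        print("PASS" if ok else "DROP", p.direction, p.proto, p.outside)
```

The TCP rule is stateless, matching the post's wording, so inbound segments without a bare SYN still pass; only the UDP side keeps a flow table.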

