nanog mailing list archives

Re: Re[2]: CCO/cisco.com issues.


From: Valdis.Kletnieks () vt edu
Date: Mon, 06 Oct 2003 19:55:34 -0400

On Mon, 06 Oct 2003 19:38:38 EDT, jlewis () lewis org said:

> A handful of people (an assumption on my part) have the power /
> distributed bandwidth to bring just about any internet site/network to its
> knees using the distributed.net meets DoS tools they've created and
> distributed to thousands, perhaps millions of internet connected windows
> boxes.

Zombie networks of 10K or 20K machines all controlled by *one* black
hat are not uncommon now, and I've seen a citation for a single net of 140K.

Let's assume the interesting hosts are on cablemodem, that they have 2Mbit/sec
connectivity, and that one black hat has 10K (if you prefer, he's got 20K but
the rest are on slow links).  Now tell me - how many of you have enough
*excess* bandwidth that you can afford not to worry about suddenly being handed
a 200Gbit/sec inbound stream?  And if you don't have enough spare capacity,
are you set up to deal with 10K machines attacking, quite possibly with spoofed
addresses because your peers don't ingress filter?

Remember guys - Yahoo got whacked by MafiaBoy using only several hundred
machines.  You could be the recipient of a flood 200 times bigger.

And if you're not ready, it won't be an operational issue - it will be a NON-operational
issue, because that's what your network will be....
