nanog mailing list archives
RE: Counter DoS
From: Drew Weaver <drew.weaver () thenap com>
Date: Thu, 11 Mar 2004 16:39:42 -0500
-----Original Message-----
From: Gregory Taylor [mailto:greg () xwb com]
Sent: Thursday, March 11, 2004 3:55 PM
To: Rachael Treu
Cc: nanog () merit edu
Subject: Re: Counter DoS

Yes, let's allow the kiddies, who already get away with as little work as they can in order to produce the most destruction they can, the ability to use these 'Security Systems' as a new tool for DoS attacks against their enemies.

Scenario: Let's say my name is l33th4x0r. I want to attack joeblow.cable.com because joeblow666 was upset that I called his mother various inappropriate names. I find the IP for joeblow.cable.com to be 192.168.69.69. I find one of these 'security' systems, or multiple security systems, and I decide to forge a TCP attack from 192.168.69.69 to these 'security systems'. These 'security systems' then, thinking joeblow is attacking their network, will launch a retaliatory attack against the offender, 192.168.69.69, thus destroying his connectivity.

Kiddie 1
Joeblow 0
The Internet as a whole 0

Greg

---

Rant/

Their solution isn't the best idea out there, but something definitely needs to be done, and quickly. Network providers shouldn't have to purchase 4x the amount of bandwidth that they need just in case someone hijacks a bunch of cable modems and wants to party. Perhaps their bad idea will lead to a better idea; it's happened before with how many countless practices on the internet? You start with a blurry idea, then someone else takes it and makes it work. I'm not saying DDoSing people back is the best idea, but something needs to happen. We waste way too much time and money mitigating these attacks, when in reality they can't be mitigated unless you continue to throw cash into the bandwidth bucket. These DSL and cable modem companies need to tighten things up so that if their users are abusive (and I don't claim to know how exactly the parameters of abuse should be measured) their systems automatically choke them.

For example, I have a cable modem w/ RR at my home; they have my upstream limited to next to nothing, so how much damage could I possibly do? On the other hand, I've seen attacks from some residential DSL providers that have hit with over 500KB (bytes) per second from a single machine. If you have maybe 20 of these hitting one of your interfaces, it's going to cause latency, unless your upstream, or their downstream, is doing something to protect you, which they won't.

/Rant

-Drew
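The weakness Greg describes is that an unsolicited TCP packet's source address is unauthenticated, so any automated response keyed on it can be pointed at a third party. The simulation below is an added illustration, not code from any poster or product: it contrasts a hypothetical retaliation engine that trusts the header source with one that only treats an address as attributable after it has completed a handshake (which an off-path sender cannot do) and keeps its response local (rate-limit at ingress, report upstream). The victim address 192.168.69.69 is taken from the thread; 203.0.113.7, the threshold and the traffic are constructed.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str                      # source address from the IP header: unauthenticated
    syn: bool                     # True for a connection-opening SYN
    handshake_done: bool = False  # True only when our SYN-ACK was answered correctly


SYN_THRESHOLD = 100  # SYNs per source that the hypothetical system treats as a flood

# Constructed traffic: an off-path host floods SYNs carrying joeblow's address.
# The SYN-ACK replies go to joeblow, so none of these can complete a handshake.
SPOOFED_FLOOD = [Packet("192.168.69.69", syn=True) for _ in range(200)]
# Constructed legitimate client that does complete the handshake.
LEGIT_CLIENT = [Packet("203.0.113.7", syn=True),
                Packet("203.0.113.7", syn=False, handshake_done=True)]


def naive_counter_dos(packets):
    """Retaliation keyed on the header source address: whatever address the
    sender writes into the packets becomes the target of the counter-attack."""
    syns = Counter(p.src for p in packets if p.syn)
    return sorted(src for src, n in syns.items() if n >= SYN_THRESHOLD)


def attribution_safe_response(packets):
    """Never turn an unauthenticated source address into a remote target.
    An address is 'verified' only if it completed a handshake; either way the
    response to SYN volume stays on our own ingress and goes to the upstream."""
    verified = {p.src for p in packets if p.handshake_done}
    syns = Counter(p.src for p in packets if p.syn)
    actions = {}
    for src, n in syns.items():
        if n < SYN_THRESHOLD:
            continue
        actions[src] = {
            "syns": n,
            "verified": src in verified,
            "remote_target": None,  # no retaliation in either case
            "action": "rate-limit SYNs for this address at ingress; report to upstream",
        }
    return actions


if __name__ == "__main__":
    traffic = SPOOFED_FLOOD + LEGIT_CLIENT
    print("naive retaliation targets:", naive_counter_dos(traffic))
    print("attribution-safe actions:", attribution_safe_response(traffic))
```

With the spoofed flood, the naive engine names joeblow as its target while the attribution-safe version records the address as unverified and responds only locally.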