nanog mailing list archives
Re: Over a decade of DDOS--any progress yet?
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Mon, 6 Dec 2010 09:19:38 +0000
On Dec 6, 2010, at 2:50 PM, Sean Donelan wrote:
Other than buying lots of bandwidth and scrubber boxes, have any other DDOS attack vectors been stopped or rendered useless during the last decade?
These .pdf presos pretty much express my view of the situation, though I do need to rev the first one:

<https://files.me.com/roland.dobbins/y4ykq0>
<https://files.me.com/roland.dobbins/k54qkv>
<https://files.me.com/roland.dobbins/j0a4sk>

The bottom line is that there are BCPs that help, but which many folks don't seem to deploy, and then there's little or no thought at all given to maintaining availability when it comes to server/service/app architecture and operations, except by the major players who'd been through the wringer and invest the time and resources to increase their resilience to attack.

Of course, the fundamental flaws in the quarter-century old protocol stack we're running, with all the same problems plus new ones carried over into IPv6, are still there. Couple that with the brittleness, fragility, and insecurity of the DNS & BGP, and the fact that the miscreants have near-infinite resources at their disposal, and the picture isn't pretty.

And nowadays, the attackers are even more organized and highly motivated (OC, financial/ideological) and therefore more highly incentivized to innovate, the tools are easy enough for most anyone to make use of them, and the services/apps they attack are now of real importance to ordinary people.

So, while the state of the art in defense has improved, the state of the art and resources available to the attackers have also dramatically improved, and the overall level of indifference to the importance of maintaining availability is unchanged - so the overall situation itself is considerably worse, IMHO.

The only saving grace is that the bad guys often make so much money via identity theft, click-fraud, spam, and corporate/arm's-length governmental espionage that they'd rather keep the networks/services/servers/apps/endpoints up and running so that they can continue to monetize them in other ways.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

Sell your computer and buy a guitar.