nanog mailing list archives

Re: OBESEUS - A new type of DDOS protector


From: Guillaume FORTAINE <gfortaine () live com>
Date: Tue, 16 Mar 2010 04:47:57 +0100

Misters,

Thank you for your reply.

1) First of all, I am absolutely not related to the Obeseus project. From my point of view, the interesting things were that:

a) This project was unknown.

http://www.google.com/search?q="obeseus"+"ddos"&btnG=Search&hl=en&esrch=FT1&sa=2


b) This project comes from an ISP.

http://www.loud-fat-bloke.co.uk/links.html


c) Its code is Open Source.

http://www.loud-fat-bloke.co.uk/tools/obeseusvB.tar.gz


My conclusion is that I give far more credit to Obeseus than to Arbor Networks. By the way, I am surprised that this post didn't generate more interest given the uninteresting babble that I have been forced to read in the past on the NANOG mailing-list from the so-called "experts".


2) EDoS is a "DDoS 2.0"

DDoS is about malicious traffic.

EDoS is malicious traffic engineered to look like legitimate traffic.

However, the goal is the same: "to obliterate the service infrastructure", to quote Mister Morrow.



3) I do my homework, something that doesn't seem to be the case for a lot of people on this mailing-list.

a) I would like to highlight the post of Tom Sands, Chief Network Engineer, Rackspace Hosting, entitled "DDoS mitigation recommendations" [1].

- It seems evident that he tried the Arbor solution, so the three "Arbor++" mails don't make sense.

- About the fourth one:

"Sorry but RTFM

http://mailman.nanog.org/pipermail/nanog/2010-January/thread.html#16675

Best regards"

Hey kid, Tom Sands subscribed to the NANOG mailing-list nearly a decade ago. When you went out of school, he was already dealing with DoS concerns:

http://www.mcabee.org/lists/nanog/Jan-02/msg00177.html



b) I am really asking myself how much credit I could give to a spam expert, Suresh Ramasubramanian, about a DDoS-related post [2].


c) Mister Morrow, even if you are a Network Security engineer at Google [3] (morrowc () google com):

-You didn't provide any useful feedback on Obeseus.

-You totally missed the point on my other mails.

This is definitely disappointing.


Is this mailing-list a joke?

Especially, where is Roland Dobbins?


Best Regards,

Guillaume FORTAINE

[1] http://mailman.nanog.org/pipermail/nanog/2010-January/016675.html
[2] http://www.hserus.net/
[3] http://www.linkedin.com/in/morrowc



On 03/16/2010 03:11 AM, Suresh Ramasubramanian wrote:
> I got your point.  What I was saying is that what he calls EDoS (and
> I'm sure he'll say obliterating infrastructure is the ultimate form of
> an economic dos) is just what goes on ...
>
> You may or may not be able to overload the AWS infrastructure by too
> many queries but you sure as hell will blow the application out if
> that ddos isn't filtered .. edos again.
>
> On Tue, Mar 16, 2010 at 7:35 AM, Christopher Morrow
> <morrowc.lists () gmail com> wrote:
>
>> eh.. I guess I'm splitting hairs. the goal of 100k bots sending 1
>> query per second to a service that you know can only sustain 50k
>> queries/second is.. not to economically Dos someone, it's to
>> obliterate their service infrastructure.
>>
>> Sure, you could ALSO target something hosted (for instance) at
>> Amazon-AWS and increase costs by making lots and lots and lots of
>> queries, but that wasn't the point of what Deepak wrote, nor what I
>> corrected.



