Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: DDOS anecdotes

  • From: Mikael Abrahamsson
  • Date: Sat Jun 23 14:07:11 2001

On Sat, 23 Jun 2001, Vivien M. wrote:

> We ended up concluding that Mr. Gibson's main goal is the distribution of
> large quantities of FUD. It seems, I might add, that Mr. Gibson is

That might be so. I got this link approx 8 hours before I saw it on
NANOG-l when I was investigating just this kind of thing he's talking
about. I got in thru the irc-admin perspective though, saw a couple of
clients that seemed to have things in common, sniffed some traffic, found
a channel on IRCnet that was dedicated to whatever purpose these 100 or so
clients/machines were up to. Talked to the "grand master" who approached
me when I and a fellow IRC admin started throwing off his "bots" (he
actually called them bots and then changed his mind that they were
clients).

This is a real problem. It's not FUD. Microsofts choice to include full
IP stack capabilities will make the problem worse, but I do not blame
their IP stack for this like Mr Gibson does though.

So what do we do about it? There are 10th of thousands of "0wned" machines
out there. 10.000 machines sending one SYN per second to somewhere
constitutes a 6mbit SYN flood that'll make almost any web server get into
trouble. 10 SYNs per second and we're really talking traffic here. From
spoofed sources because ISPs do not source address filter? Gah. Basically
untraceable.

I know a few people have been put in jail for these kind of activies. I'd
say it's not enough though. We might blame parents, society, whatever, but
the question remains: What do we do about it?

I saw figures that there are over 9 million homes in the US with
"broadband internet access". This is going to 10fold in the next few
years, worldwide we might have a couple of 100 million computers
"always-on" in a few years. 95% (or more) of them running Microsoft OS, by
people who have no idea how to secure it etc.

What should we do?

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.