Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Source address validation (was Re: UUNet Offer New ProtectionAgainst DDoS)

  • From: Christopher L. Morrow
  • Date: Sun Mar 07 15:32:27 2004


On Sun, 7 Mar 2004, Avleen Vig wrote:

>
> On Sun, Mar 07, 2004 at 02:13:38AM -0500, Sean Donelan wrote:
> > > Try saying that after running a major DDoS target, with "HIT ME" your
> > > forehead.
> > > No offense Sean but I'd like you to back your claim up with some
> > > impirical data first.
> >
> > Has the number of DDOS attacks increased or decreased in the last few
> > years has uRPF has become more widely deployed?
> > Do you have any evidence the number of attacks are decreasing?
>
> Without any data to back this up, I'm estimating based on the attacks
> I've dealt with.
> I don't believe the number have gone down at all. If it has, it's done
> that for someone else, not me,

Is this attacks on 'known magnets' or 'random stuff'. From what I've seen
the frequency of attacks on 'all customers' seems to be slowing SOME.
There are the normal nuisance points which attract attacks for whichever
reason. So, Avleen, can you seperate the 'known magnets' from 'random
stuff' and say which direction the trend is moving?

As to the 'strength' of attacks. It seems that bandwidth and pps rates
have incresed over time. This COULD BE because you can own up 10,000 xp
machines in a heartbeat, or it could be a reflection of
bigger/better/faster single hosts being taken over. It's hard to tell from
my end of the party :(

>
> I don't have any evidence. Nor do I *believe* the number of attacks is
> decreasing. If anything, its staying the same or going up, as more
> people decide it's fun to take networks offline through the greater and
> greater number of compromised hosts.
>

The greater number of compromisable hosts seems to be the constant in this
arguement. So, like we've said for several years, until the end station is
secured 'better' the consistency and strength of attacks will continue
that upward trend.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.