North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)
- From: Avleen Vig
- Date: Sun Mar 07 17:07:24 2004
On Sun, Mar 07, 2004 at 08:28:53PM +0000, Christopher L. Morrow wrote:
> > Without any data to back this up, I'm estimating based on the attacks
> > I've dealt with.
> > I don't believe the number have gone down at all. If it has, it's done
> > that for someone else, not me,
> Is this attacks on 'known magnets' or 'random stuff'. From what I've seen
> the frequency of attacks on 'all customers' seems to be slowing SOME.
> There are the normal nuisance points which attract attacks for whichever
> reason. So, Avleen, can you seperate the 'known magnets' from 'random
> stuff' and say which direction the trend is moving?
If we class "popular websites", "servers / networks at major ISPs", "IRC
servers" and "the latest popular thing" as magnets, and "small business
sites", "personal pages" etc as the random stuff, then I don't believe
attacks on magnets have gone down at all.
On the random stuff I cannot comment, as I've had surprisingly little
dealing with that.
> As to the 'strength' of attacks. It seems that bandwidth and pps rates
> have incresed over time. This COULD BE because you can own up 10,000 xp
> machines in a heartbeat, or it could be a reflection of
> bigger/better/faster single hosts being taken over. It's hard to tell from
> my end of the party :(
I don't think it would be unfair to assume it is both. Again that stands
to simple logic. More hosts on the internet = more potential drones.
More availible global bandwidth = larger volume output from each drone.
> > I don't have any evidence. Nor do I *believe* the number of attacks is
> > decreasing. If anything, its staying the same or going up, as more
> > people decide it's fun to take networks offline through the greater and
> > greater number of compromised hosts.
> The greater number of compromisable hosts seems to be the constant in this
> arguement. So, like we've said for several years, until the end station is
> secured 'better' the consistency and strength of attacks will continue
> that upward trend.
Indeed. I believe the ISP of the end user is the party responsible here.
If the ISP is allowing access through their network, they need to be
responsible for the data leaving their networl which originates in their