Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Counter DoS

  • From: Pendergrass, Greg
  • Date: Thu Mar 11 05:06:12 2004

I can see now that it's only a matter of time before some nut writes "The
Art of War in the Internet". I read the whitepaper, it goes on a lot about
how defensive policies are ineffective but doesn't really say why active
response has never been tried:

A. Most of the time dDOS traffic is from spoofed sources anyway so whichever
machine you "return fire" on is probably not the  one that attacked you. 

B. NAT translation means a hacker has a tailor-made defense against any
active repsonse. 

C. Even if you can directly attack a machine being used against you it's
almost certainly not the perpetrator's box, he/she is sitting half a world
away. The box you intentionally destroy is likely some innocent family PC
that was taken over using some unplugged windows security hole. 

D. Widely deployed active defense will give an attacker a new form of dDOS
attack, spoof the source of the one you want to hit in attacking several
"active defense" systems and watch them attack your target for you.

Their proposition is a terrible idea and their "rules of engagement" would
be funny instead of frightening if it wasn't serious

GP


-----Original Message-----
From: Joshua Brady [mailto:jbrady@neoins.com]
Sent: 11 March 2004 01:27
To: isp-chat@isp-chat.com
Cc: nanog@merit.edu
Subject: Counter DoS



http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm 

Comments?



Vodafone Global Content Services Limited 
Registered Office:  Vodafone House, The Connection, Newbury, Berkshire  RG14 2FN

Registered in England No. 4064873 

This e-mail is for the addressee(s) only.  If you are not an addressee, you
must not distribute, disclose, copy, use or rely on this e-mail or its
contents, and you must immediately notify the sender and delete this e-mail
and all copies from your system.  Any unauthorised use may be unlawful.  The
information contained in this e-mail is confidential and may also be legally
privileged.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.