Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Counter DoS

  • From: Drew Weaver
  • Date: Thu Mar 11 16:12:40 2004



-----Original Message-----
From: Gregory Taylor [mailto:greg@xwb.com] 
Sent: Thursday, March 11, 2004 3:55 PM
To: Rachael Treu
Cc: nanog@merit.edu
Subject: Re: Counter DoS



Yes, lets allow the kiddies who already get away with as little work as 
they can in order to produce the most destruction they can, the ability 
to use these 'Security Systems' as a new tool for DoS attacks against 
their enemies.

Scenerio:

Lets say my name is: l33th4x0r

I want to attack  joeblow.cable.com because joeblow666 was upset that I 
called his mother various inappropriate names.

I find IP for joeblow.cable.com to be 192.168.69.69

I find one of these 'security' systems, or multiple security systems, 
and i decide to forge a TCP attack from 192.168.69.69 to these 'security 
systems'.

These 'security systems' then, thinking joeblow is attacking their 
network, will launch a retaliatory attack against the offender, 
192.168.69.69 thus destroying his connectivity.

Kiddie 1   Joeblow 0    The Internet as a whole 0


Greg

---

	Rant/	

	Their solution isn't the best idea out there, but something
definitely needs to be done, and quickly. Network providers shouldn't have
to purchase 4x the amount of bandwidth that they need just in case someone
hijacks a bunch of cable modems and wants to party.
	
	Perhaps their bad idea will lead to a better idea, its happened
before with how many countless practices on the internet? You start with a
blurry idea, then someone else takes it and makes it work. Im not saying
ddosing people back is the best idea, but something needs to happen, we
waste way too much time and money mitigating these attacks, when in reality
they cant be mitigated unless you continue to throw cash into the bandwidth
bucket.

	These DSL and cable modem companies need to tighten things up so
that if their users are abusive (and I don't claim to know how exactly the
parameters of abuse should be measured) that their systems automatically
choke them. For example, I have a Cable modem /w rr at my home, they have my
upstream limited to next to nothing, how much damage could I possibly do? 

	On the other hand I've seen attacks from some residential DSL
providers that have hit with over 500KB(bytes)ps from a single machine, if
you have maybe 20 of these hitting one of your interfaces, its going to
cause latency, unless your upstream, or their downstream is doing something
to protect you, which they wont.

	/Rant
-Drew
 




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.