North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Make Inggress Filtering the LAW for all ISPs!
On Fri, 11 Feb 2000, Sam Thomas wrote: > > On Wed, Mar 19, 2036 at 12:35:53PM -0700, Toplez Razer wrote: > > > > It should eliminate 99.9% of DOS attacks! > > get off my soapbox! :-) > > unfortunately, the new breed of ddos is even naughtier than smurf. it relies > on compromised hosts on which a daemon is placed to listen to requests, and > begin flooding someone else's network. really quite effective, and there > isn't just a whole lot of router magic that can save our butts from this. > good host security is absolutely essential to prevent the problem, and it's > not something where a bunch of rogue geeks can go around pointing fingers > and "blacklisting" potential middle-men as easily as they've done with > smurf and friends. The number of such incidents could be greatly reduced if regular security audits by competent individuals were performed before shipping software. I truly believe that many folks have it backwards: It's not the admins of the "250,000 hosts" that need to be educated as much as it is the (by comparison) handful of software manufacturers. Most of these attacks are successful because the majority of people seem to run "out of the box" configurations. This should serve to indicate that "out of the box" is woefully inadequate(being responsible for locking down boxes on a regular basis I can attest to that...) /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell Earth is a single point of failure. \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/