North American Network Operators Group


Re: Proactive steps to prevent DDOS?

  • From: Howard C. Berkowitz
  • Date: Mon Jan 29 01:12:43 2001

So which one of those things do you think any of the victims wasn't
doing before, and how will the steps now prevent a future DDOS
attack from affecting its servers?  If the victims had done all of
these things before they were attacked, would it have prevented the
attack from affecting their service?

Those aren't just rhetorical questions, I'm trying to understand
how to approach this.

If you view DDOS as a traffic surge, can we use any lessons from
other phenomena involving surges, such as vehicle traffic at rush
hour, water runoff from a storm, lightning strike?

I wonder if viewing it as a surge or natural phenomenon is really the right way, or whether using an electronic warfare model is more appropriate. I'm not current in ECM and ECCM methods, but there seem some parallels -- not a complete one -- between being hit by bistatic or multistatic radar illuminators, and by being hit by DDoS.

Remember that stealth isn't a matter of being invisible, but, above all, preventing fire control radar from locking on a target. The more intelligent the DDoS attack, the more likely it is to be adaptive. Radar trackbreakers don't necessarily overpower the emitter, but confuse it.

Hypothetically, if we have a clue which sources are sending the attack, giving them the impression they are succeeding may cause them to go elsewhere, or not add more phantoms.