In message <[EMAIL PROTECTED]>, Sean Donelan writes:

> On Sat, 18 Jan 2003, Steven M. Bellovin wrote:
>> theory, trace a single packet. But the real problem with either idea
>> is this: suppose that you know, unambiguously and unequivocally, that
>> 750 zombies are attacking you. What do you do with that information?
>
> The reality is it's not 750 zombies, it's generally one person controlling
> 750 zombies attacking you.

Right -- and neither itrace nor hash-based tracing are going to solve that:

>> 3) Find and convict the true attacker

Hash-based trace might help on that, *if* there was recording of the packets to the zombies. But doing that ubiquitously might -- would? -- turn the Internet into a surveillance state.

>> 2) Track and stop DDOS quickly when it does happen

That's the point of pushback.

> So how do we
>> 1) Make end-user systems less vulnerable to being compromised

That's my real goal...

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)