If only there were other security experts on this list with a proven ability to make this thread even more absurd.
On 16/03/2010, at 4:47 PM, Guillaume FORTAINE wrote: > Misters, > > Thank you for your reply. > > 1) First of all, I am absolutely not related to the Obeseus project. From my > point of view, the interesting things were that : > > a) This project was unknown. > > http://www.google.com/search?q="obeseus"+"ddos"&btnG=Search&hl=en&esrch=FT1&sa=2 > > > b) This project comes from an ISP. > > http://www.loud-fat-bloke.co.uk/links.html > > > c) Its code is Open Source. > > http://www.loud-fat-bloke.co.uk/tools/obeseusvB.tar.gz > > > My conclusion is that I give far more credit to Obeseus than to Arbor > Networks. By the way, I am surprised that this post didn't generate more > interest given the uninteresting babble that I have been forced to read in > the past on the NANOG mailing-list from the so-called "experts". > > > 2) EDoS is a "DDoS 2.0" > > DDoS is about malicious traffic. > > EDoS is malicious traffic engineered to look like legitimate one. > > However, the goal is the same : "to obliterate the service infrastructure", > to quote Mister Morrow. > > > > 3) I do my homeworks something that doesn't seem to be the case for a lot of > people on this mailing-list. > > a) I would want to highlight the post of Tom Sands, Chief Network Engineer, > Rackspace Hosting entitled "DDoS mitigation recommendations" [1]. > > -It seems evidence that he tried the Arbor solution so the three "Arbor++" > mails don't make sense. > > -About the fourth one : > > "Sorry but RTFM > > http://mailman.nanog.org/pipermail/nanog/2010-January/thread.html#16675 > > Best regards" > > Hey kid, Tom Sands subscribed nearly a decade ago on the NANOG mailing-list. > When you went out of school, he was already dealing with DoS concerns : > > http://www.mcabee.org/lists/nanog/Jan-02/msg00177.html > > > > b) I am really asking myself how much credit I could give to a spam expert, > Suresh Ramasubramanian, about a DDoS related post [2]. > > > c) Mister Morrow, even if you are a Network Security engineer at Google [3] > (morr...@google.com) : > > -You didn't provide any useful feedback on Obeseus. > > -You totally missed the point on my other mails. > > This is definitely disappointing. > > > Is this mailing-list a joke ? > > Especially, where is Roland Dobbins ? > > > Best Regards, > > Guillaume FORTAINE > > [1] http://mailman.nanog.org/pipermail/nanog/2010-January/016675.html > [2] http://www.hserus.net/ > [3] http://www.linkedin.com/in/morrowc > > > > On 03/16/2010 03:11 AM, Suresh Ramasubramanian wrote: >> I got your point. What I was saying is that what he calls EDoS (and >> I'm sure he'll say obliterating infrastructure is the ultimate form of >> an economic dos) is just what goes on ... >> >> You may or may not be able to overload the AWS infrastructure by too >> many queries but you sure as hell will blow the application out if >> that ddos isnt filtered .. edos again. >> >> On Tue, Mar 16, 2010 at 7:35 AM, Christopher Morrow >> <morrowc.li...@gmail.com> wrote: >> >>> >>> eh.. I guess I'm splitting hairs. the goal of 100k bots sending 1 >>> query per second to a service that you know can only sustain 50k >>> queries/second is.. not to economically Dos someone, it's to >>> obliterate their service infrastructure. >>> >>> Sure, you could ALSO target something hosted (for instance) at >>> Amazon-AWS and increase costs by making lots and lots and lots of >>> queries, but that wasn't the point of what Deepak wrote, nor what i >>> corrected. >>> >> >> >> > > > !DSPAM:22,4b9effc213882481555555! > >