One big problem (IMHO) of DDoS is that sources (the host of botnets)
may be completely unaware that they are part of a DDoS. I do not mean the bot
machine, I mean the ISP connecting those.
In the other hand the target of a DDoS cannot do anything to stop to
attack besides adding more BW or contacting one by one the whole path of
providers to try to minimize the effect.
I know that this has many security concerns, but would it be good a
signalling protocol between ISPs to inform the sources of a DDoS attack in
order to take semiautomatic actions to rate-limit the traffic as close as the
source? Of course that this is more complex that these three or two lines, but
I wonder if this has been considerer in the past.
Regards.
-as
On 8 Dec 2010, at 10:00, nanog-requ...@nanog.org wrote:
> Date: Wed, 8 Dec 2010 10:58:38 +0000
> From: bmann...@vacation.karoshi.com
> Subject: Re: Over a decade of DDOS--any progress yet?
> To: "Dobbins, Roland" <rdobb...@arbor.net>
> Cc: North American Operators' Group <nanog@nanog.org>
> Message-ID: <20101208105838.gd5...@vacation.karoshi.com.>
> Content-Type: text/plain; charset=us-ascii
>
>
> actually, botnets are an artifact. claiming that the tool is the problem
> might be a bit short sighted. with the evolution of Internet technologies
> (IoT) i suspect botnet-like structures to become much more prevelent and
> useful for things other than coordinated attacks.
>
> just another PoV.
>
> --bill
>
> On Wed, Dec 08, 2010 at 04:46:13AM +0000, Dobbins, Roland wrote:
>>
>> On Dec 8, 2010, at 11:26 AM, Sean Donelan wrote:
>>
>>> Other than trying to hide your real address, what can be done to prevent
>>> DDOS in the first place.
>>
>>
>> DDoS is just a symptom. The problem is botnets.
>>
>> Preventing hosts from becoming bots in the first place and taking down
>> existing botnets is the only way to actually *prevent* DDoS attacks. Note
>> that prevention is distinct from *defending* oneself against DDoS attacks.
>>
>> -----------------------------------------------------------------------
>> Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>
>>
>> Sell your computer and buy a guitar.
>>
>>
>>
>>
>>
>
