One big problem (IMHO) of DDoS is that sources (the host of botnets) may be completely unaware that they are part of a DDoS. I do not mean the bot machine, I mean the ISP connecting those.
In the other hand the target of a DDoS cannot do anything to stop to attack besides adding more BW or contacting one by one the whole path of providers to try to minimize the effect. I know that this has many security concerns, but would it be good a signalling protocol between ISPs to inform the sources of a DDoS attack in order to take semiautomatic actions to rate-limit the traffic as close as the source? Of course that this is more complex that these three or two lines, but I wonder if this has been considerer in the past. Regards. -as On 8 Dec 2010, at 10:00, nanog-requ...@nanog.org wrote: > Date: Wed, 8 Dec 2010 10:58:38 +0000 > From: bmann...@vacation.karoshi.com > Subject: Re: Over a decade of DDOS--any progress yet? > To: "Dobbins, Roland" <rdobb...@arbor.net> > Cc: North American Operators' Group <nanog@nanog.org> > Message-ID: <20101208105838.gd5...@vacation.karoshi.com.> > Content-Type: text/plain; charset=us-ascii > > > actually, botnets are an artifact. claiming that the tool is the problem > might be a bit short sighted. with the evolution of Internet technologies > (IoT) i suspect botnet-like structures to become much more prevelent and > useful for things other than coordinated attacks. > > just another PoV. > > --bill > > On Wed, Dec 08, 2010 at 04:46:13AM +0000, Dobbins, Roland wrote: >> >> On Dec 8, 2010, at 11:26 AM, Sean Donelan wrote: >> >>> Other than trying to hide your real address, what can be done to prevent >>> DDOS in the first place. >> >> >> DDoS is just a symptom. The problem is botnets. >> >> Preventing hosts from becoming bots in the first place and taking down >> existing botnets is the only way to actually *prevent* DDoS attacks. Note >> that prevention is distinct from *defending* oneself against DDoS attacks. >> >> ----------------------------------------------------------------------- >> Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> >> >> Sell your computer and buy a guitar. >> >> >> >> >> >