Re: Mutually Assured DDoS

[Cory Smith <smith () stopddos org>]

Paul Ferguson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, May 1, 2009 at 2:42 PM, Paul M. Moriarty <pmm () igtc com> wrote:
>
>   
> > The "botnet as a weapon" genie is already out of the bottle.  Why
> > shouldn't the military have one too?
> >
> >     
>
> So, are you advocating the fact that all networks in the path of a DDoS
> will suffer the consequences of resource exhaustion?
>
> The whole idea of mutually assured destruction, and collateral damage, are
> ideas that are brain damaged, in my opinion.
>
> Plus, if the IP addresses of the "military botnet" nodes are known &
> public, it is trivial to packet filter them so as to render it basically
> useless.
>
> - - ferg
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.5.3 (Build 5003)
>
> wj8DBQFJ+27aq1pz9mNUZTMRAlwPAJ4hvpLf+tKehg5yRSB+A1du0JaKFwCg24tV
> a5PihvETkLeSHr8hsyY93zw=
> =d4TP
> -----END PGP SIGNATURE-----
>
>
>   
You don't attack the problem with a botnet.  You go at the problem on a 
protocol level.  Tcp Resource Congestion issues like those of the Tcp 
Duplicate Ack (daytona attack) or perhaps Tcp Optimistic Ack.  Attacking 
back is a simple answer, but we are a bunch of smart nerds who can come 
up with a better solution.  Why don't we open up the tables on here over 
the weekend to suggestions?

Cory Smith
Chief Technology Officer
http://www.StopDDoS.org/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.