Re: OBESEUS - A new type of DDOS protector

[Nathan Ward <nanog () daork net>]

If only there were other security experts on this list with a proven ability to make this thread even more absurd.

On 16/03/2010, at 4:47 PM, Guillaume FORTAINE wrote:

> Misters,
>
> Thank you for your reply.
>
> 1) First of all, I am absolutely not related to the Obeseus project. From my point of view,  the interesting things 
> were that :
>
> a) This project was unknown.
>
> http://www.google.com/search?q="obeseus"+"ddos"&btnG=Search&hl=en&esrch=FT1&sa=2
>
>
> b) This project comes from an ISP.
>
> http://www.loud-fat-bloke.co.uk/links.html
>
>
> c) Its code is Open Source.
>
> http://www.loud-fat-bloke.co.uk/tools/obeseusvB.tar.gz
>
>
> My conclusion is that I give far more credit to Obeseus than to Arbor Networks. By the way, I am surprised that this 
> post didn't generate more interest given the uninteresting babble that I have been forced to read in the past on the 
> NANOG mailing-list from the so-called "experts".
>
>
> 2) EDoS is a "DDoS 2.0"
>
> DDoS is about malicious traffic.
>
> EDoS is malicious traffic engineered to look like legitimate one.
>
> However, the goal is the same : "to obliterate the service infrastructure", to quote Mister Morrow.
>
>
>
> 3) I do my homeworks something that doesn't seem to be the case for a lot of people on this mailing-list.
>
> a) I would want to highlight the post of Tom Sands, Chief Network Engineer, Rackspace Hosting entitled "DDoS 
> mitigation recommendations" [1].
>
> -It seems evidence that he tried the Arbor solution so the three "Arbor++" mails don't make sense.
>
> -About the fourth one :
>
> "Sorry but RTFM
>
> http://mailman.nanog.org/pipermail/nanog/2010-January/thread.html#16675
>
> Best regards"
>
> Hey kid, Tom Sands subscribed nearly a decade ago on the NANOG mailing-list. When you went out of school, he was 
> already dealing with DoS concerns :
>
> http://www.mcabee.org/lists/nanog/Jan-02/msg00177.html
>
>
>
> b) I am really asking myself how much credit I could give to a spam expert, Suresh Ramasubramanian, about a DDoS 
> related post [2].
>
>
> c) Mister Morrow, even if you are a Network Security engineer at Google [3] (morrowc () google com) :
>
> -You didn't provide any useful feedback on Obeseus.
>
> -You totally missed the point on my other mails.
>
> This is definitely disappointing.
>
>
> Is this mailing-list a joke ?
>
> Especially, where is Roland Dobbins ?
>
>
> Best Regards,
>
> Guillaume FORTAINE
>
> [1] http://mailman.nanog.org/pipermail/nanog/2010-January/016675.html
> [2] http://www.hserus.net/
> [3] http://www.linkedin.com/in/morrowc
>
>
>
> On 03/16/2010 03:11 AM, Suresh Ramasubramanian wrote:
> > I got your point.  What I was saying is that what he calls EDoS (and
> > I'm sure he'll say obliterating infrastructure is the ultimate form of
> > an economic dos) is just what goes on ...
> >
> > You may or may not be able to overload the AWS infrastructure by too
> > many queries but you sure as hell will blow the application out if
> > that ddos isnt filtered .. edos again.
> >
> > On Tue, Mar 16, 2010 at 7:35 AM, Christopher Morrow
> > <morrowc.lists () gmail com>  wrote:
> >   
> > > eh.. I guess I'm splitting hairs. the goal of 100k bots sending 1
> > > query per second to a service that you know can only sustain 50k
> > > queries/second is.. not to economically Dos someone, it's to
> > > obliterate their service infrastructure.
> > >
> > > Sure, you could ALSO target something hosted (for instance) at
> > > Amazon-AWS and increase costs by making lots and lots and lots of
> > > queries, but that wasn't the point of what Deepak wrote, nor what i
> > > corrected.
> > >     
> >
> >
> >   
>
>
> !DSPAM:22,4b9effc213882481555555!