[e2e] DDoS attack vs. Spoofing of Source Address

David P. Reed dpreed at reed.com
Wed Jan 18 05:36:40 PST 2006


I wonder if, on an open list like this one, we should be careful about
discussing the relative effectiveness of DDoS attacks on current systems
now deployed.

I am sure there are those employed by various governments and
revolutionary actors who are participants or lurkers here.

My own government has declared itself no longer bound by its own laws
and constitution in its exploitation of the Internet and communications
systems against its own citizens. Joining many other actors, driven by
extremism and ideology of all sorts, seeking power over others. So laws
and social contracts are not currently working, and may not be workable,
in the current international context.

DDoS attacks of a sophisticated sort are like biological weapons - they
can get out of control, cause persistent and permanent damage,
amplifying a small effort into a large effect. It will take much
ingenuity on the part of the human race to develop a way to coexist
safely with such knowledge.

I am not advocating "security by obscurity" here. In fact, I firmly
believe in the exact opposite. Ultimately the science (of the
artificial) that underlies decentralized resilience and robustness is a
solution, and developing that science must occur in the open. But
discussion of specific current vulnerability patterns *is* dangerous,
just as giving out synthesis instructions for ebolavirus, and
encouraging hackers all over the world to make a more virulent ebola,
may be dangerous.

However I don't (and we probably shouldn't) trust any agency of a
government or any terrorist to be responsible at this point in time,
especially if they are lurking here or we have no way to hold them to
account as part of a community. Those of us who have some expertise in
the area of decentralized and viral processes should be really
thoughtful about where we share our knowledge of exploits... just as
some of us, I am sure, would like to call back the naive decisions to
deploy things like ActiveX and BrowserHelperObjects and JavaScript in
email clients that were made without thinking about managing the risks.

- David

Zhang Miao wrote:

>Hi, 
>
>I just have a question related to DDoS Attack and Spoofing of Source Address.
>
>It was common for DDoS attacks to utilize spoofed source addresses
>two years ago. And many people told me that botnets are the main way
>to launch DDoS attacks, in which the source address is not spoofed.
>
>I'm just curious about the following questions:
>
>(1) What's the situation with DDoS attacks nowadays? Is spoofing of
>    the source address still a major reason for DDoS attacks?
>
>(2) If most DDoS attacks have shifted from using spoofing of the source address to
>    using botnets, why did such a shift happen?
>    I suppose two reasons:
>    1) Ingress filters have been deployed in many ISPs, and attackers feel it's
>       hard to launch such attacks now.
>    2) It's easier to launch attacks with botnets than with spoofed source addresses.
>    But I am not sure about it.
>
>(3) Is it easier to handle a DDoS attack if the source address in the packet
>    is authentic?
>
>I'm quite grateful for your answers.
>
>Miao    
>
>
>*****************************************************************
>*    Zhang Miao                                                 *
>*    Ph.D, Assistant Professor, Network Research Center         *
>*    Tsinghua University,Beijing,China(100084)                  *
>*    Tel: (8610)-62795818-6271                                  *
>*    Email: zm at cernet.edu.cn                                 *
>*    Web: http://netarchlab.tsinghua.edu.cn/~zm                 *
>*****************************************************************