RE: DDOS anecdotes

[Tim Wilde <twilde () dyndns org>]

> This is a real problem. It's not FUD. Microsofts choice to include full
> IP stack capabilities will make the problem worse, but I do not blame
> their IP stack for this like Mr Gibson does though.

Oh, it's most certainly a real problem, but I don't agree that the changes
in Win XP will really make any difference whatsoever.  With some very
trivial driver additions, raw sockets can be accessed under any previous
version of Windows, just like in XP.  That's where the FUD comes in -
Gibson, it seems, is just trying to drum up support for whatever his next
big project is to magically make your computer safe.

> What should we do?

Well, like has already been mentioned, somehow getting people to filter
properly could help - we got hit by a (unrelated, we think) spoofed SYN
flood a few days back.  If that ISP had simply egress filtered their
traffic, that person using a single machine (only guessing here) couldn't
have sent their 200k/sec of spoofed SYN at us.  I'm sure they could have
found another way, but it would have made them work a little harder, and
this type of person often doesn't want to bother with that extra little
bit of work, and would just give up.

Tim

-- 
Tim Wilde
twilde () dyndns org
Systems Administrator
Dynamic DNS Network Services
http://www.dyndns.org/