Slashdot Mirror


DDoS Detection Devices

Bistromat writes "The Boston Globe is reporting today that Arbor Networks is marketing a solution to the DDoS attacks that are in vogue with script kiddies today. Their solution is to place filters ("probes") at "peering points" (the points where major ISPs interconnect) to sample and fingerprint traffic so a major DDoS is readily detected and filtered out before the volume becomes unmanageable." It's interesting to me that the anti-authority script kiddies are going to eventually be the reason and the justification for the authorities monitoring everything we do online. 31337 d00d!

1 of 107 comments

  1. Limit, but not eliminate, DDoS by rdl · Score: 5

    I've looked into the DDoS problem quite a bit, for obvious reasons.

    You can limit DDoS attempts, and probably eliminate all the threats out there today, but a truly crafty attacker would make a DDoS which simply appears as extra traffic. Slashdot people have a lot of experience with this -- what's the difference between a slashdotting and a worm with "download this page" as the payload, widely distributed?

    Another problem with a single, centralized company providing DDoS monitoring, notification, and realtime blackholing is that of course that company becomes a central point of attack. If you can simulate a DDoS attempt from company A to company B, you don't need to actually accomplish the DDoS, which may also shield you from legal liability and violation of AUPs.

    "In the age old battle of arms vs. armor, arms always triumph". I'm not saying Arbor Networks is not a valuable service, but I think it will be very difficult to provide any sort of lasting edge vs. a determined packet kiddie. ud.com among others are already using distributed load-testing, so it's easy to see how powerful a worm/virus with DDoS payload would be. I believe the Zapatista in Mexico did this as a form of protest/attack, and it was successful, in 1998 or 1999.
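
The limit rdl describes in the comment above, as an added example that is not part of the comment and not Arbor Networks' method: a volume-and-source-spread fingerprint over sampled flow records separates a flood from a few sources, but gives a slashdotting and a widely distributed "download this page" payload the same result. The record format, thresholds and addresses are constructed assumptions.

```python
from collections import Counter

def fingerprint(samples, dst, window_s):
    """Summarise sampled (src, dst, path) records aimed at dst over one window."""
    srcs = Counter(src for src, d, _path in samples if d == dst)
    total = sum(srcs.values())
    if total == 0:
        return {"rate": 0.0, "sources": 0, "top_share": 0.0}
    return {
        "rate": total / window_s,                  # sampled requests per second
        "sources": len(srcs),                      # distinct source addresses
        "top_share": max(srcs.values()) / total,   # share held by the busiest source
    }

def classify(fp, baseline_rate, factor=10, top_share_limit=0.5):
    """Hypothetical policy: flag a window at factor x baseline, then look at spread."""
    if fp["rate"] < factor * baseline_rate:
        return "normal"
    if fp["top_share"] >= top_share_limit:
        return "flood-few-sources"    # concentrated: a source filter can help
    return "surge-many-sources"       # flash crowd or distributed attack, cannot tell

# Constructed sample data (documentation address ranges), one 10-second window each.
DST, WINDOW_S, BASELINE = "192.0.2.80", 10, 2.0
NORMAL = [(f"203.0.113.{i}", DST, "/") for i in range(1, 21)]
FLOOD = [("192.0.2.7", DST, "/")] * 200 + [("192.0.2.8", DST, "/")] * 50
FLASH_CROWD = [(f"203.0.113.{i}", DST, "/story") for i in range(1, 251)]
WORM_FETCH = [(f"198.51.100.{i}", DST, "/story") for i in range(1, 251)]

def verdict(samples):
    return classify(fingerprint(samples, DST, WINDOW_S), BASELINE)

if __name__ == "__main__":
    for name, data in [("normal", NORMAL), ("flood", FLOOD),
                       ("flash crowd", FLASH_CROWD), ("worm fetch", WORM_FETCH)]:
        print(f"{name:12} {fingerprint(data, DST, WINDOW_S)} -> {verdict(data)}")
```

The last two windows produce identical fingerprints, so any filter keyed on these features either drops the legitimate surge or passes the attack.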