Slashdot Mirror


A Peek At Script Kiddie Culture

Brian Bruns writes "NewsForge is covering an article on the Script Kiddie Culture, in an interview with my co-admin Andrew Kirch. It provides insight into a culture that not many people fully understand, or get to see."

3 of 470 comments

  1. Paul Vixie quoted in the article (via a link) by BrookHarty · · Score: 5, Informative

    Paul Vixie quoted in the article (via a link)

    'Recommendation: upgrade your peering requirements to include language like:

    Each peer agrees to emit only IP packets with accurate
    source addresses, to require their customers to do likewise,
    and to extend this requirement to all other peers by $DATE.

    Where DATE = (now() + '6 months') or some other negotiated value.



    Peering agreements are so thick with political BS, they can't even stop ISPs like UUNet, who are the biggest spam-friendly ISPs around.

    Basically everyone is trying to use standards for protocols to correct this, engineers trying to correct political problems.

  2. Re:addendum to topic paragraph by poptix_work · · Score: 4, Informative

    "these places" being EFNet, no.

    --
    Just because you disagree doesn't make it offtopic or flamebait.
  3. Re:not many people fully understand, or get to see by Zeinfeld · · Score: 4, Informative

    And Joe Poweruser? He should peek at the iptables-log, laugh, drink a cup of coffee and get back to his code.

    The point of DDoS is that it hits everyone. Sure we get huge numbers of DDoS attacks at work, sure none has ever taken us down. But the check that we have to write to ensure that is huge, millions a month.

    Here is a take on this issue from Phill Hallam-Baker:

    OK so a second bite at the same article, let's take a look at those DDoS schemes.

    According to the article the ISPs are unresponsive to takedown requests, the FBI do not take notice. I know that people keep making this complaint but there are high tech crimes units in the major cities and they are looking to take down these guys. And at the moment the demand is such that DDoS is being treated as if it was a littering offense.

    I think we need a better primer on how to prepare a case for law enforcement. I guess it is possible if you read the article carefully that the desk guy thought this particular person had been getting evidence by hacking.

    We can't expect to do this with law enforcement in the loop every time. Let's change the model, law enforcement only get involved if the ISPs fail to act, and instead of just going after the hacker there is a liability for the ISP.

    This is consistent with fire department model of government security regulations. You can do pretty much anything to your house decoration wise. Government only gets involved when safety is the issue. In particular the fire dept won't let you build a house that is a fire-trap, in part because it might set fire to buildings around it.

    Here we have ISPs that are forwarding bogons. It seems to me that this should not be that difficult to prevent. A $500 box performing passive listening at the cable head end could sound an alert when there is a bogon attack. You don't have to look at every packet, all you need to do is to look at a sample. If you see an ethernet MAC spewing bogons you shut it down.

    Another approach would be to push the bogon prevention right to the cable modem. Why on earth would these let bogon injection take place in the first place? Sure there will be some hacked modems, but DDoS is coming from hijacked machines.

    Cable modems, NAT boxes and the like should have limiters built in to prevent the creation of ridiculous numbers of SYN packets or outgoing UDP packets to reserved system ports like DNS. It is pretty easy to think of numbers that should be no inconvenience to any legitimate use, and there could be an option to turn them off in any case. But why give every home user the equivalent of a loaded machine gun when they don't need or want one?

    Reduce the value of your machine to a hacker, reduce the probability of attack?

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
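
The sampling monitor described in comment 3, as an added sketch that is not part of the thread or written by any of its posters. It assumes the head-end box knows the prefix assigned to its segment and treats any source address outside it as bogus; the prefix, MAC addresses, thresholds and traffic are all constructed for illustration.

```python
import ipaddress
import random
from collections import defaultdict

# Assumption: the prefix the ISP assigned to this cable segment (documentation range).
SEGMENT_PREFIX = ipaddress.ip_network("203.0.113.0/24")


def is_bogus_source(src, prefix=SEGMENT_PREFIX):
    """True when a source address cannot belong to a subscriber on this segment."""
    return ipaddress.ip_address(src) not in prefix


def sample_monitor(packets, sample_rate=0.1, min_samples=20, bogus_ratio=0.5, seed=0):
    """Inspect a random sample of (mac, src_ip) pairs and return the MACs to alert on.

    A MAC is reported only when enough of its packets were sampled and at least
    bogus_ratio of those carried a bogus source, so one stray packet does not
    shut a subscriber down. Thresholds are illustrative, not from the thread.
    """
    rng = random.Random(seed)  # fixed seed keeps the example reproducible
    seen, bogus = defaultdict(int), defaultdict(int)
    for mac, src in packets:
        if rng.random() >= sample_rate:
            continue  # not sampled: the box never looks at this packet
        seen[mac] += 1
        bogus[mac] += is_bogus_source(src)
    return {
        mac: (bogus[mac], seen[mac])
        for mac in seen
        if seen[mac] >= min_samples and bogus[mac] / seen[mac] >= bogus_ratio
    }


def build_constructed_traffic(n=2000):
    """Constructed sample: two normal hosts and one host spraying forged sources."""
    packets = []
    for i in range(n):
        packets.append(("00:00:5e:00:53:01", "203.0.113.10"))  # normal host
        # Mostly normal host that leaks a private address once per 100 packets.
        leak = "192.168.1.5" if i % 100 == 0 else "203.0.113.20"
        packets.append(("00:00:5e:00:53:02", leak))
        # Hijacked host: every packet carries a different forged source.
        packets.append(("00:00:5e:00:53:03", f"198.51.100.{i % 254 + 1}"))
    return packets


if __name__ == "__main__":
    for mac, (bad, total) in sample_monitor(build_constructed_traffic()).items():
        print(f"ALERT {mac}: {bad}/{total} sampled packets had a bogus source")
```

The ratio threshold is what separates the host that occasionally leaks a private address from the one whose every sampled packet is forged.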