Has Progress Been Made In Fighting DDoS Attacks?
alphadogg writes "As the distributed denial-of-service attacks spawned by this week's WikiLeaks events continue, network operators are discussing what progress, if any, has been made over the past decade to detect and thwart DoS attacks. Participants in the North American Network Operators Group (NANOG) e-mail reflector are debating whether any headway has been made heading off DDoS attacks in 10 years. The discussion is occurring while WikiLeaks deals with DDoS attacks after leaking sensitive government information, and sympathizers launch attacks against MasterCard, Visa, PayPal and other significant e-commerce sites."
No, it's not.
It's like a crowd gathered in front of a service window all trying to get an order - only most of them asking for things they don't offer there. Now you as a legitimate customer need to get through that crowd to get to the window and make your order.
I worry that WL is the "cyber 9/11" that people in the IT industry have been dreading since the 1990s.
Here in the US, we have Congresspeople who have been obviously Internet hostile. One of which was one of the reasons Zimmermann made PGP because strong cryptography came perilously close to being made illegal in the early 1990s. And the people still keep trying -- the mid-1990s brought with it the CDA where cursing on the Internet could mean a prison sentence (which took a fight to the Supreme Court to get that overthrown.) Of course, every few years, we have a bill like the INDUCE Act, COICA, and many other Internet-hostile acts. Looming over our heads is ACTA which is still in the "make as extreme as possible, then 'compromise'" stage.
The people wanting these laws (likely the same people who want a DRM chip in every single computing peripheral and computer) would score a coup like no other should Congress check their heads in at the door and blindly rubber stamp "anti-cyber-terrorism" laws (like they did with the USA PATRIOT Act.) Their long-term goal is more revenue streams, and DRM and locked-down operating systems help that greatly.
The result of the lawmaking: iPad-like lockdown on the desktop, NAC on upstream routers that would detect jailbroken hardware and permanently ban machines by IMEI or other identifying ID (think XBL bans for modchipped firmware), all browsing and usage history transmitted to LEOs and ad agencies in real time (with no way of saying "no" to it), forcing people to have a "license" to browse the Internet (and the onus on victims of ID theft to prove otherwise so their access can be regained), and a return to the days where there were no open source alternatives -- either pay someone for a tool (such as a compiler), or do without. To enforce this, machines would have an active DRM chip with its own IP stack and method of automatically downloading new definitions/patches, then randomly freezing and scanning the memory space looking for suspected items. Machines would also have an antivirus utility that would run in protected space to look for signatures of music or video files, then phone home about it, leading to the user either permanently losing net access, or actually getting raided and the equipment seized via civil means (similar to how cars are seized due to drug charges.)
Ironically, Joe Sixpack wouldn't care, until he has to pay money per play of his favorite Ke$ha song.
Yes, this sounds like a dystopian fantasy, but the technology is there (Cisco's NAC, active DRM chips [1], XBL bans, Internet IDs in Korea and China, just a few companies providing Internet service, large wholesale moves of the population from "open" devices like netbooks to closed/locked down platforms [2] like the iPad, a wholesale move by Microsoft and Apple to application stores on the desktop.) If given enough impetus, one can see companies connecting the dots and going a good way in locking down the Internet. Of course, it wouldn't be 100%, but it can be effective. Especially if people's software investments are tied down to a user account (Steam, Apple Store, Google's App Store), and they could easily lose access to all their purchased software in an instant should piracy be suspected. This could be compared to Valve's Anti-Cheat where access can be taken away to all multiplayer games in an instant with no recourse [3], except with all other software that one purchases, perhaps even the license for the OS itself.
Of course, the world != the US. It would obviously cause an exodus of talent from the US to elsewhere (such as during the 1990s where all the cryptographic R&D moved from the US to Russia and Israel during the times when exporting a DES routine had the same criminal penalty as selling a nuke.)
I don't want to sound like a doomsayer, but there are a lot of well-heeled people and organizations who would love to see the Internet return to being a Compuserve with complete control of who accesses what, how many fees can be attached, dissidents bei
With a sit-in, the protestor faces the (immediate) risk of arrest. With a sit-in, once they are asked to leave and they refuse, it becomes trespass and the cops can be called in to clear them out. Not so with a DDoS.
Equating DDoS with sit-ins is a disservice to the sit-in as a valid form of protest.