Slashdot Mirror
Has Progress Been Made In Fighting DDoS Attacks?
alphadogg writes "As the distributed denial-of-service attacks spawned by this week's WikiLeaks events continue, network operators are discussing what progress, if any, has been made over the past decade to detect and thwart DoS attacks. Participants in the North American Network Operators Group (NANOG) e-mail reflector are debating whether any headway has been made heading off DDoS attacks in 10 years. The discussion is occurring while WikiLeaks deals with DDoS attacks after leaking sensitive government information, and sympathizers launch attacks against MasterCard, Visa, PayPal and other significant e-commerce sites."
"sympathizers", when has this word ever been used in a good way
Nazi sympathizers
Russian sympathizers
Terrorist sympathizers
It's a term used to describe supporters of those who you think of as bad.
A neutral term would to be used is simply "supporters".
A number of sources have begun describing DDOS attacks not as cyber-attacks but rather as digital sit-ins that are completely legal. A DDOS (Note the Distributed) is basically a ton of people visiting the site at once so that others can't. In essence, the unknowing visitor to mastercard.com is also contributing to the DDOS by merely visiting the already flooded site (albiet in a small way) just as an unknowing visitor to a bank is contributing to a sit-in by disrupting the flow of work. Their mere presence is making the work more difficult. However, there is nothing illegal about one person visiting a bank and standing there, just like there isn't anything illegal with a number of people going to a bank... at the same time. Ultimately, the question isn't "has progess been made" to stop DDOS attacks, but SHOULD there be progress to stop them? Sounds like an easy question to answer but in the case of freedom of expression, it makes the waters a bit more muddied.
Carl Sagan quotes get you an automatic +5 on all posts.
If you are curious about the slightly deeper and murkier details, this will tell you why handling DDoS attacks is still difficult.
Never trust a spiritual leader who cannot dance -- Mr. Miyagi
No it's not.
It's like a crowd gathered in front of a service window all trying to get an order - only most of them asking for things they don't offer there. Now you as a legitimate customer need to get through that crowd to get to the window and make your order.
The article talks a lot about botnets, but how many botnets are actually involved in the wikileaks attacks? I haven't read about any and my bet is that there probably aren't a lot. Why? Simple, the purpose of most botnets has turned from fun into profit. 10 years ago most of the botnets were designed just to screw with people, delete files, open ports, ddos ebay etc. However over the past 10 years a lot of the creators of botnets have found that they can use the botnets to generate lots of cash by moving spam, selling information etc. I doubt that very many of them would want to risk subjecting their botnets to discovery and removal by getting involved in in such a high profile attack.
Monstar L
I worry that WL is the "cyber 9/11" that people in the IT industry have been dreading since the 1990s.
Here in the US, we have Congresspeople who have been obviously Internet hostile. One of which was one of the reasons Zimmerman made PGP because strong cryptography came perilously close to being made illegal in the early 1990s. And the people still keep trying -- the mid 1990s brought with it the CDA where cursing on the Internet could mean a prison sentence (which took a fight to the Supreme Court to get that overthrown.) Of course, every few years, we have a bill like the INDUCE act, COICA, and many other Internet-hostile acts. Looming over our heads is ACTA which is still in the "make as extreme as possible, then 'compromise'" stage.
The people wanting these laws (likely the same people who want a DRM chip in every single computing peripheral and computer) would score a coup like no other should Congress check their heads in at the door and blindly rubber stamp "anti-cyber-terrorism" laws (like they did with the USAPATRIOT act.) Their long term goal is more revenue streams, and DRM and locked-down operating systems help that greatly.
The result of the lawmaking: iPad-like lockdown on the desktop, NAC on upstream routers that would detect jailbroken hardware and permanently ban machines by IMEI or other identifying ID (think XBL bans for modchipped firmware), all browsing and usage history transmitted to LEOs and ad agencies in real time (with no way of saying "no" to it), forcing people to have a "license" to browse the Internet (and the onus on victims of ID theft to prove otherwise so their access can be regained), and a return to the days where there were no open source alternatives -- either pay someone for a tool (such as a compiler), or do without. To enforce this, machines would have an active DRM chip with its own IP stack and method of automatically downloading new definitions/patches, then randomly freezing and scanning the memory space looking for suspected items. Machines would also have an antivirus utility that would run in protected space to look for signatures of music or video files, then phone home about it, leading to the user either permanently losing net access, or actually getting raided and the equipment seized via civil means (similar to how cars are seized due to drug charges.)
Ironically, Joe Sixpack wouldn't care, until he has to pay money per play of his favorite Ke$ha song.
Yes, this sounds like a dystopian fantasy, but the technology is there (CISCO's NAC, active DRM chips [1], XBL bans, Internet IDs in Korea and China, just a few companies providing Internet service, large wholesale moves of the population from "open" devices like Netbooks to closed/locked down platforms [2] like the iPad, a wholesale move by Microsoft and Apple to application stores on the desktop.) If given enough impetus, one can see companies connecting the dots and going a good way in locking down the Internet. Of course, it wouldn't be 100%, but it can be effective. Especially if people's software investments are tied down to a user account (Steam, Apple Store, Google's App Store), and they could easily lose access to all their purchased software in an instant should piracy be suspected. This could be compared to Valve's Anti-Cheat where access can be taken away to all multiplayer games in an instant with no recourse [3], except with all other software that one purchases, perhaps even the license for the OS itself.
Of course, the world != the US. It would obviously cause an exodus of talent from the US to elsewhere (such as during the 1990s where all the cryptographic R&D moved from the US to Russia and Israel during the times when exporting a DES routine had the same criminal penalty as selling a nuke.)
I don't want to sound like a doomsayer, but there are a lot of well-heeled people and organizations who would love to see the Internet return to being a Compuserve with complete control of who accesses what, how many fees can be attached, dissidents bei
How do you differentiate a DDoS attack from the usual slashdotting of a web site?
One is intentionally malicious with the intent to bring down the site. The other is usually the Botnet on Autopilot.