When will the ISPs start getting off their respecitve behinds and start doing something about this? With the broadband ISPs subnets accounting for so much of the destructive power of these DDoS attacks, they have a responsibility to at least attempt to ameliorate their impact.
It's not hard to set up simple routing rules to at least curb some of these attacks. Hell, a lot of ISPs still even route spoofed IP packets out of their networks - this is nowhere near acceptable. Realistically, there is no real application for a constant stream of ICMP traffic coming from a single node - there should at least be a maximum allocatable bandwidth for ICMP set at the ISPs gateway. Obviously UDP and TCP based floods are more difficult to manage, but throttling ICMP based floods would be a step in the right direction.
All this is IMHO, of course - users have a responsibility to secure their machines, obviously, but it's going to be a hell of a lot easier to secure a few gateways and routers than a million home PCs.
Apparently, in Japan, creating works based on someone's creations is considered flattery towards the creator. Sounds good to me - I'd be pretty happy if someone thought enough of my work to want to make works derived from it.
Bear in mind, though, that there is a very fine line between flattery and profiteering off someone elses hard work...
Slashdot Mirror
I mean really - how hard would it be to put a one line description about what the Parsec project is in the article body?
Parsec project: Fast-paced multiplayer cross-platform 3D Internet space combat
There... That didn't hurt too much, did it?
When will the ISPs start getting off their respecitve behinds and start doing something about this? With the broadband ISPs subnets accounting for so much of the destructive power of these DDoS attacks, they have a responsibility to at least attempt to ameliorate their impact.
It's not hard to set up simple routing rules to at least curb some of these attacks. Hell, a lot of ISPs still even route spoofed IP packets out of their networks - this is nowhere near acceptable. Realistically, there is no real application for a constant stream of ICMP traffic coming from a single node - there should at least be a maximum allocatable bandwidth for ICMP set at the ISPs gateway. Obviously UDP and TCP based floods are more difficult to manage, but throttling ICMP based floods would be a step in the right direction.
All this is IMHO, of course - users have a responsibility to secure their machines, obviously, but it's going to be a hell of a lot easier to secure a few gateways and routers than a million home PCs.
Apparently, in Japan, creating works based on someone's creations is considered flattery towards the creator. Sounds good to me - I'd be pretty happy if someone thought enough of my work to want to make works derived from it.
Bear in mind, though, that there is a very fine line between flattery and profiteering off someone elses hard work...