[e2e] DDoS attack vs. Spoofing of Source Address

Mark Baugher mbaugher at cisco.com
Thu Jan 19 10:23:08 PST 2006


On Jan 18, 2006, at 5:36 AM, David P. Reed wrote:

> I wonder if, on an open list like this one, we should be careful about
> discussing the relative effectiveness of DDoS attacks on current systems
> now deployed.

To me, it seems important to discuss vulnerabilities and news of  
exploits with describing publicly how to exploit vulnerabilities.   
Otherwise, it's like keeping the fact that the government is tapping  
the conversations of its citizens secret when any competent criminal  
would assume that in the first place.

Mark
>
> I am sure there are those employed by various governments and
> revolutionary actors who are participants or lurkers here.
>
> My own government has declared itself no longer bound by its own laws
> and constitution in its exploitation of the Internet and communications
> systems against its own citizens. Joining many other actors, driven by
> extremism and ideology of all sorts, seeking power over others. So laws
> and social contracts are not currently working, and may not be workable,
> in the current international context.
>
> DDoS attacks of a sophisticated sort are like biological weapons - they
> can get out of control, cause persistent and permanent damage,
> amplifying a small effort into a large effect. It will take much
> ingenuity on the part of the human race to develop a way to coexist
> safely with such knowledge.
>
> I am not advocating "security by obscurity" here. In fact, I firmly
> believe in the exact opposite. Ultimately the science (of the
> artificial) that underlies decentralized resilience and robustness is a
> solution, and developing that science must occur in the open. But
> discussion of specific current vulnerability patterns *is* dangerous,
> just as giving out synthesis instructions for ebolavirus, and
> encouraging hackers all over the world to make a more virulent ebola,
> may be dangerous.
>
> However I don't (and we probably shouldn't) trust any agency of a
> government or any terrorist to be responsible at this point in time,
> especially if they are lurking here or we have no way to hold them to
> account as part of a community. Those of us who have some expertise in
> the area of decentralized and viral processes should be really
> thoughtful about where we share our knowledge of exploits... just as
> some of us, I am sure, would like to call back the naive decisions to
> deploy things like ActiveX and BrowserHelperObjects and JavaScript in
> email clients that were made without thinking about managing the risks.
>
> - David
>
> Zhang Miao wrote:
>
>> Hi,
>>
>> I just have a question related to DDoS Attack and Spoofing of Source
>> Address.
>>
>> It was common for DDoS attacks to utilize spoofed source addresses
>> two years ago. And many people told me that botnets are the main way
>> to launch DDoS attacks, in which the source address is not spoofed.
>>
>> I'm just curious about the following questions:
>>
>> (1) What's the situation of DDoS attacks nowadays? Is spoofing of the
>>    source address still a major reason for DDoS attacks?
>>
>> (2) If most DDoS attacks have shifted from using spoofing of the source
>>    address to using botnets, why did such a shift happen?
>>    I suppose two reasons:
>>    1) Ingress filtering has been deployed in many ISPs, and attackers
>>       feel it's hard to launch such attacks now.
>>    2) It's easier to launch attacks with botnets than with spoofed
>>       source addresses.
>>    But I am not sure about it.
>>
>> (3) Is it easier to handle a DDoS attack if the source address in the
>>    packet is authentic?
>>
>> I'm quite grateful for your answers.
>>
>> Miao
>>
>>
>> *****************************************************************
>> *    Zhang Miao                                                 *
>> *    Ph.D, Assistant Professor, Network Research Center         *
>> *    Tsinghua University,Beijing,China(100084)                  *
>> *    Tel: (8610)-62795818-6271                                  *
>> *    Email: zm at cernet.edu.cn                                 *
>> *    Web: http://netarchlab.tsinghua.edu.cn/~zm                 *
>> *****************************************************************