From rdobbins@arbor.net Fri Jul 6 02:32:16 2018 From: "Dobbins, Roland" To: cypherpunks-legacy@lists.cpunks.org Subject: Re: Over a decade of DDOS--any progress yet? Date: Fri, 06 Jul 2018 02:32:16 +0000 Message-ID: <172289266848.3881296.14565159807283312061.generated@mail.pglaf.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8117212880971898418==" --===============8117212880971898418== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Dec 6, 2010, at 2:50 PM, Sean Donelan wrote: > Other than buying lots of bandwidth and scrubber boxes, have any other DDOS= attack vectors been stopped or rendered useless during the last=20 > decade? These .pdf presos pretty much express my view of the situation, though I do n= eed to rev the first one: The bottom line is that there are BCPs that help, but which many folks don't = seem to deploy, and then there's little or no thought at all given to maintai= ning availability when it comes to server/service/app architecture and operat= ions, except by the major players who'd been through the wringer and invest t= he time and resources to increase their resilience to attack. Of course, the fundamental flaws in the quarter-century old protocol stack we= 're running, with all the same problems plus new ones carried over into IPv6,= are still there. Couple that with the brittleness, fragility, and insecurit= y of the DNS & BGP, and the fact that the miscreants have near-infinite resou= rces at their disposal, and the picture isn't pretty. And nowadays, the attackers are even more organized and highly motivated (OC,= financial/ideological) and therefore more highly incentivized to innovate, t= he tools are easy enough for most anyone to make use of them, and tthe servic= es/apps they attack are now of real importance to ordinary people.=20 So, while the state of the art in defense has improved, the state of the art = and resources available to the attackers have also dramatically improved, and= the overall level of indifference to the importance of maintaining availabil= ity is unchanged - so the overall situation itself is considerably worse, IMH= O. The only saving grace is that the bad guys often make so much money via i= dentity theft, click-fraud, spam, and corporate/arm's-length governmental esp= ionage that they'd rather keep the networks/services/servers/apps/endpoints u= p and running so that they can continue to monetize them in other ways. ----------------------------------------------------------------------- Roland Dobbins // Sell your computer and buy a guitar. ----- End forwarded message ----- --=20 Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --===============8117212880971898418==--