40-Gbps DDoS Attacks Worry Even Tier-1 ISPs
sturgeon and other readers let us know that Arbor Networks has released their annual survey of tier-1 / tier-2 ISP security engineers. This year they got responses from 70 lead engineers. While DDoS attacks are reaching new heights of backbone-crushing traffic — 40 Gbps was seen this past year — the insiders are also worried about emerging threats to DNS and BGP. The summary notes that "Most believe that the DNS cache poisoning flaw disclosed earlier this year was poorly handled and increased the danger of the threat," but doesn't spell out what a better way of handling it might have been. All in all, the ISPs sound a bit pessimistic — one says "fewer resources, less management support, and increased workload." You can request the full PDF report here, but it will cost you contact information. In related news, an anonymous reader passes along a survey by Secure Computing of 199 international security experts and other "industry insiders" from utilities, oil and gas, financial services, government, telecommunications, transportation and other critical infrastructure industries. They are worried too.
Re:let it collapse (Score:2, Informative)
nah we will just pay 700 billion to prop it up for a few months and let the next guy deal with it.
I think realistically 700 billion could fix the internet in the entire US. It would make up for the 200 billion we lost a few years ago.* Not only that, we could use it to help our friends to the north.
* Article [webpronews.com], first one I found about it.
Key comments (Score:5, Informative)
Re:what's scarier, or not (Score:5, Informative)
Back in the day (about a decade ago), you could "smurf" folks, which is a form of reflective amplification. The process was fairly simple: you'd ping a network's broadcast address with a packet spoofed to appear to come from your victim. At the time, most networks weren't filtering the broadcast traffic. As a result all the hosts on that network would respond to the ping. Back in the days of 14.4 modems, you could easily blow somebody offline while generating a very tiny volume of traffic.
---> ping (src: victim [spoofed], dest: broadcast address of large network)
<=== large number of icmp responses (src: addresses in large network, dest: victim)
I'd guess that the attack is similar in concept.
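As an added example (not part of the comment above or of the Arbor report), the Python below shows two defender-side checks for the smurf pattern just described: echo requests addressed to a network or directed-broadcast address, and echo replies arriving at a host that never sent a matching unicast request. The record format, addresses, thresholds and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records: (src, dst, icmp_type); 8 = echo request, 0 = echo reply.
SAMPLE = [
    ("203.0.113.7", "192.0.2.255", 8),   # request to a directed-broadcast address
    ("203.0.113.7", "192.0.2.255", 8),
    ("198.51.100.9", "192.0.2.10", 8),   # ordinary unicast ping
    ("192.0.2.10", "198.51.100.9", 0),   # its matching reply
    ("192.0.2.11", "203.0.113.7", 0),    # replies with no matching unicast request
    ("192.0.2.12", "203.0.113.7", 0),
    ("192.0.2.13", "203.0.113.7", 0),
]

def broadcast_pings(records, networks):
    """Return (src, dst, max_responders) for echo requests sent to the
    network or broadcast address of any monitored network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    hits = []
    for src, dst, icmp_type in records:
        if icmp_type != 8:
            continue
        d = ipaddress.ip_address(dst)
        for net in nets:
            # /31 and /32 have no usable broadcast address, so skip them.
            if net.prefixlen < 31 and d in (net.network_address, net.broadcast_address):
                hits.append((src, dst, net.num_addresses - 2))
    return hits

def unsolicited_replies(records, min_sources=3):
    """Return {destination: [repliers]} for hosts that receive echo replies
    from at least min_sources hosts they never sent a unicast request to."""
    asked = {(src, dst) for src, dst, t in records if t == 8}
    repliers = defaultdict(set)
    for src, dst, t in records:
        if t == 0 and (dst, src) not in asked:
            repliers[dst].add(src)
    return {v: sorted(s) for v, s in repliers.items() if len(s) >= min_sources}

if __name__ == "__main__":
    print(broadcast_pings(SAMPLE, ["192.0.2.0/24"]))
    print(unsolicited_replies(SAMPLE))
```

The first check belongs at the edge of a network that could be used as an amplifier, where dropping directed-broadcast traffic removes the amplification; the second is what the receiving side can observe.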
Re:let it collapse (Score:4, Informative)
I do wonder how effective that would be; my grandfather was in the CCC and was involved in building the Hoover Dam.
Did this actually help with the depression?
Also they lost more than $700b, that was just the amount they needed to stay solvent. Alan Greenspan's reaction was priceless saying that he'd expected banks to take reasonable risks and not commit suicide. It was in their own interests to self-regulate but surprise surprise, greed won out.
DO NOT WANT MORE SPAM!!!! (Score:5, Informative)
Re:let it collapse (Score:5, Informative)
Give the electric companies 2 choices: Fix your own damn shit with your profits or we fix it and lease it back to you or nationalize you.
Sure there are people that are going to bitch because they're used to their handout. But handouts aren't going to help anyone. Make everyone work.
It's not perfect but it's a hell of a lot better than handing it over to a bunch of people who managed to already lose $700b.
[0].M-F you live in work housing or you work 4 - 10s or 7 on 7 off.
I hate to ruin your rant with what we call "facts", but the grid in the United States is not owned by private companies that you can just boss around from your ivory tower of uninformed tripe. It is an amalgamation of state-run and multi-state entities called ISOs (Independent System Operators) that both contract and coordinate with the transmission agencies in concert with privately-owned and state-owned generation assets to produce consistent and reliable power. A grid, in the strictest sense of the word, is a series of transmission lines, owned by multiple companies, that are interlinked and under the complete autonomy of the ISO. Nothing happens without the permission and direction of the ISO or FERC (and NERC as its enforcement arm). The grid is aging, but since the ultimate authority to direct replacement lies with both federal, state, and multi-state agencies, who precisely in your little world bears the fiscal burden?
May I suggest for your education:
http://www.ferc.gov/ [ferc.gov]
http://www.nerc.com/ [nerc.com]
And for ISOs:
http://www.ercot.com/ [ercot.com]
http://www.caiso.com/ [caiso.com]
http://www.nyiso.com/public/index.jsp [nyiso.com]
http://www.pjm.com/index.jsp [pjm.com]
http://www.midwestiso.org/home [midwestiso.org]
Find the one that serves your area, and berate them with your uninformed bile since you obviously understand all of this better than anyone else.
Or do you?
Re:let it collapse (Score:4, Informative)
John Deere is in Moline, IA.
Moline, IL
across the river from IA
Re:Why isn't the insecurity of Windows mentioned? (Score:5, Informative)
Did we just jump back 5 (or more) years in time?
You are joking, right? Open relays have been overshadowed by compromised desktop machines as spam sources for a few years now. Plus, since SMTP MTAs tend to be on static IPs, the use of RBLs has effectively limited the reach of open relays as sources for any kind of email (SPAM or otherwise).