The Real Impact of the Estonian Cyberattack 172
An anonymous reader writes "News.com offers up an interview with Arbor Networks' senior security researcher Jose Nazario. He takes stock of the denial-of-service attack against the Baltic nation of Estonia, and considers the somewhat disturbing wider implications from the event. 'You look around the globe, and there's basically no limit to the amount of skirmishes between well-connected countries that could get incredibly emotional for the population at large. In this case, it has disrupted the Estonian government's ability to work online, it has disrupted a lot of its resources and attention. In that respect, it's been effective. It hasn't brought the government to a crippling halt, but has essentially been effective as a protest tool. People will probably look at this and say, That works. I think we're going to continue to do this kind of thing. Depending on the target within the government, it could be very visible, or it could not be very visible.'"
How insightful! (Score:5, Funny)
Yep, that pretty much sums up the possible outcomes.
Re:How insightful! (Score:4, Funny)
Re: (Score:2)
Re: (Score:2, Funny)
On the other hand, there are not an infinite number of ways to spell "tongue".
Re: (Score:2, Funny)
Come on, there are an infinite number of ways to hold your tounge and squint.
On the other hand, there are not an infinite number of ways to spell "tongue".
Yes, but 'e was clearly spelling "tounge", then, wasn't 'e?
Praline: The cat detector van from the Ministry of Housinge.
Man: Housinge???
Praline: Yes, it was spelt that way on the van. I'm very observant.
Possible Outcomes (Score:4, Insightful)
Re:Possible Outcomes (Score:4, Insightful)
Re:Possible Outcomes (Score:4, Insightful)
Re: (Score:2)
-->Oh boy.
Countries (including the US) raid and detain maritime vessels - shipping, scientific, etc - for a wide variety of reasons... not all of them overt.
I see a number of parallels from a cyberattack on a country to the US detaining money from shipments of sugar from brazil to russia calling it suspect for the drug trade. We can call it "Social Engineering", if you will, but the picture remains the same
Re: (Score:2)
Re: (Score:2)
-->Hasn't this become an addendum to Godwin yet?
"No where in a political move do you directly destroy or cripple services. "
-->Interesting. There's QUITE a few dictators that have been overthrown by covert meddling that would not agree.
"The current administration plays all the same games"
-->Note that no where did I suggest they don't; simply that bush has lost the flair that his predecessors once had for the covert and the underhanded. Reagan... Clinton...
Re: (Score:2)
The key difference is that sanctions and traditional methods are (generally) open and aboveboard
That is the funniest thing I've heard today.
Re:How insightful! (Score:5, Interesting)
Would this distributed DOS attack be possible without a vast army of compromised desktops being used as part of a botnet. Is it tecnnically possible to design against such attacks, or at least make it more difficult to compromise the desktops and route the rogue traffic. After all the Internet is supposed to be designed to be resistant to a nuclear attack. (I know Vint Cerf remembers it different)
Re: (Score:3, Informative)
It would be easier to defend against these attacks if companies would standardize on techniques. Cisco and HP are two examples I know of that offer different methods for defending DDoS attacks. Cisco has a number of methods not all of which are compatible with each-other. Perhaps more importantly, Cisco's methods almost always require Cisco products for them to work effectively. HP is a little better about standards these days but their methods are still rather solitary to their Procurve platform. Lately HP
I think not. (Score:1)
Multicast theories (Score:5, Interesting)
no reason to get overly complicated (Score:4, Interesting)
Re: (Score:2)
Re:Multicast theories (Score:5, Interesting)
Just a thought from the 'stay in your happy place group' (TM)
Re: (Score:1)
Re: (Score:3, Insightful)
I mean think about it, one of the things a party at war always tries to do is get the civilians of the opposite side reading "subversive" material. One of the first things we did with airplanes in war was pamphleting. We still attach pamphlets with aid drops. Would it be so strange to see the US send email to every Chinese address that looked like this [wikipedia.org]? How about a flood of anti-communist text messages? Doesn't seem very far fet
mod parent down (Score:3, Interesting)
Sure dude... So on, say, Linux, you'd have to exploit supposedly a buffer overflow to gain local access *then* you'd need to exploit a local root exploit to gain root privileges. Multiply this by the number of Linux distros out there and the number of different IM clients and suddenly your pet theory falls flat. Or maybe you were talking about rooting Vista boxes? Cancel or Allow?
You've posted links to this lame "infiltra
Simpler solutions ... (Score:1)
Re: (Score:1)
Accompanied by Brian Adams and Alanis Morissette, it could be the crushing first strike on the way to Canadian global domination.
Optimus Prime? (Score:1, Funny)
Backbone QOS? (Score:3, Interesting)
Re:Backbone QOS? (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
That wouldn't be the case if the ISP at the source in question had also implemented the technique before they peer with another provider. At that level the aggregate is a lot smaller and much easier to pin down. The real problem is coming up with a non-Cisco proprietary solution. Something not encumbered with copyright and patents which I believe is what is holding up a lot of development in anti-DDoS techniques.
HP and a few others have been learning this lesson trying to implement standards wherever they
Re: (Score:2)
Given that botnet "owners" earn more spammin
Re: (Score:2)
There are heads of state which have experienced the effects of DDoS attacks. Think Whitehouse.gov
Furthermore, most of these mechanisms are already deployed, they just aren't enforced unless you pay extra for the protection. Even then, it's too late, by then the traffic has aggregated enough bandwidth that the problem is much harder to work with. Kill it before it becomes big and see how the problems disappear.
The U.S. isn't the only country interested in this kind of protection especially with all the ne
Re: (Score:3, Interesting)
Sorry, but you have an odd definition of reality. Whitehouse.gov was completely taken out by a DDoS some years ago when it was a huge issue. Now in the last year we've had massive DDoS attacks on the root DNS systems which naturally held up because these trunk level ip filters you seem to think are impossible to implement HAVE been implemented. So in short, the only one that doesn't think this can be implemented globally is you.
I'll refer you to AT&T "Clean pipes" initiative as an example of a multinat
Re: (Score:2)
You completely an utterly missed my point. I never once suggested using tax dollars to require this of companies. I said specifically there should be standard technologies not encumbered by copyright or patent that all companies could use so my current HP infrastructure restricts me to using HP anti-DDoS techniques, the Cisco approach is proprietary along with several other companies that offer such things. If there was a common standard many more ISPs that are smaller would then implement such technologies
Re: (Score:2)
You keep referring to Cisco proprietary URPF like I suggest it as the end all be all. It's amazing the things you choose to focus on. Do you really think Clinton made technology decisions for the Whitehouse? Hell no, there are people paid to perform such tasks so your asking for him to say it is just ridiculous. In much the same way the my boss's spam problems are handled by me because the problem affects him but I'm responsible for it.
There are other techniques for fighting against DDoS attacks one of wh
Re: (Score:2)
The real problem is coming up with a non-Cisco proprietary solution. Something not encumbered with copyright and patents which I believe is what is holding up a lot of development in anti-DDoS techniques.
The road to ubiquitous DDoS protection is called "no monopolies." Several large ISPs have shelled out for the hardware to do this kind of DDoS filtering effectively, and almost every tier one can partially mitigate it with a combination of Arbor detection, and clever routing. The ISPs are paying for this because they can sell it and make money. Do you want a provider who does or does not offer a "cleaned pipes" option that lets you mitigate DDoS attacks directed at your network via a Web interface? Making
Re: (Score:2)
Re: (Score:2)
There is absolutely no reason why ISPs can't step up and at the very least make this much less of an issue.
What do you think this article was about? ISPs in several nations helped out by using their capacity to help filter the DDoS attacks against Estonia, whose major telecom apparently has no such capability. If, however, you want this to happen on a regular basis for all DDoS attacks ongoing, you have to expect the ISPs to charge their customers for that service. It costs money to deploy sensors and mitigations systems and to man and maintain those systems. At the same time, doing so reduces the amount of tr
Attacks.. (Score:1)
Re: (Score:2)
How to stop that spam (Score:2)
If you purchase those items, then they will stop targeting your email. That's what a friend told me.
Re: (Score:2)
Implementation Failure (Score:3, Informative)
Lots of companies have a root-and-branches approach to Internet connectivity, too, thinking that each site (or the whole corporate intranet) needs only one gateway to the outside. Put all your eggs in one basket, and watch the basket. For the family baked bean recipe confidentiality that's good, but for availability that's bad.
The "right" way to do it is to have multiple redundant shared trunks with neighbors. That word "shared" is scary to network administrators (or rather, to their pencil-pushing mentors). It means they'll have to carry outside traffic on their pipes (that's a metaphor, Senator), and that has risks: it costs money, and it has the potential to allow someone to see inside the network.
However, the rewards for sharing bandwidth are enormous: multiple ISPs mean allowing TCP/IP to do its job, routing traffic to avoid disasters like DOS attacks, hurricanes, and nuclear bombs. The ISPs and other bandwidth partners know they have an interest in helping to protect your network. The technical risks can be mitigated simply by routing and tunneling.
Is the above realistic? Nope. Not in a corporate environment, anyway. I'd be really surprised if anyone outside academia or pure ISP does shared trunking anymore.
But it can also happen at the leaf nodes: you and your neighbors share cable broadband and DSL connections, routing through wifi. That violates most subscriber agreements, but it's the way the protocols were designed to work. Your network should never be down.
Never.
Re:Implementation Failure (Score:4, Informative)
This is a DDoS attack. The first "D" stands for "Distributed." When you have thousands of remote machines located in different places sending traffic to your network, preventing an outage relies upon being able to figure out which traffic is legitimate and which is illegitimate, and then filter the illegitimate. Having more diverse pipes does not really make a huge difference. Either legitimate and illegitimate traffic can come in over a pipe or they can't. If it can, the attack is blocking things. If it can't you just DoS'd yourself.
The real trick here is the availability of clean or protected access from ISPs with the capability of detecting illegitimate traffic and filtering it, without stopping legitimate traffic. Many ISPs have this capability to one degree or another and a few have formally brought it to market as a differentiator for their service. I'm guessing the big ISPs in Estonia might be a bit behind in that regard, and are thus working with more capable peers to try and filter the attack further away in the cloud.
Thanks, Bottles. (Score:2)
Thank you for your charity in not calling me stupid.
There is a huge difference between being totally shut down by a DDoS attack and being 90% shut down. If you are shut down, there is fear; if you are limping along, you become angry. In a fight, anger is better than fear.
Having multiple points of entry helps in the effort to stay up, no matter what the cause. The reason DDoS's work is that Internet connections are leveraged: a small number, usually one, address per r
Re: (Score:2)
In effect, having multiple gateways changes the game from a many-on-one attack to a many-on-many attack, which makes it more likely that you will succeed at least in a limited way, which is the goal.
In the case mentioned here, it is government servers/services under attack. Regardless of how many different gateways lead to those servers and services, if the attackers use the same way of getting there as users, then either the attacks will get through or legitimate users won't. I do see where multiple gateways can be useful in two ways. One, if you have some vital service white-listed and of higher priority than anything else, you can blackhole all other traffic to keep it up and using a dedicated gat
Re: (Score:3, Informative)
Estonia: population 1,324,333 (less than 1,5 mio.) http://en.wikipedia.org/wiki/Estonia [wikipedia.org]
I would like to see some municipalities in USA of the size of Estonia to withstanding such cyber-attack.
Do you realize that the number of adult inhabitants in Estonia is less than a number of employees at the biggest employer of USA? (http://www.usatoday.com/money/industries/retail/2 003-11-10-walmart_x.htm)
Estonia is like New Hampshire or Maine or Idaho population wise. And than cyber-attacks are
Re: (Score:2)
Why not? Just as a reference, Estonia has 1.3 million inhabitants. How many zombie computers can you buy for a DDoS attack when you've got the FSB's budget? I'm not sure, and I'm not sure what Estonia's network infrastructure works like, but I certainly don't think that it's inconceivable that you can DDoS an entire country. It probably won't be Jimmy Random McScriptkid who does it;
Government-orchestrated and encouraged (Score:5, Interesting)
Decent well-connected countries would not engage in this sort of things. Russia — busily turning itself back into an Evil Empire — denies "officially" organizing the attacks...
Whether it did officialy organize them, or not is irrelevant — so many things in the country happen unofficially (including the unofficial salaries — in dollars — paid to top government bureaucrats to keep them from leaving for the private sector), that the government's claims may even be nominally truthful this time.
What is important is the government's official reaction. For example, a Russian health official is on record concerning the health hazards of the Estonian sprats. Those who follow the region would recognize the tactics already applied against Georgia's major exports. Georgia's most excellent wines are now called "alcohol-containing liquids" in Russia and their import is banned "on health grounds".
Sprats are safe for now — unlike Georgia, Estonia is an EU (and NATO) member. But Russia — in sore need of something glorious in its sorry past (we liberated Estonia, not reconquered it, you see) — is still enraged. In a decent country such rage wouldn't be enough to break law and order, but Russia is another story. There is no doubt, the cyber-attacks against Estonia used Russian governmental resources, including hardware and human ones — these will most certainly not be prosecuted.
Re: (Score:1, Troll)
Of course, decision to 'notice' that was political.
Oh, ans as we speak about global economics - why can't Poland sell their meat to other countries. Maybe because it substandard?
Re: (Score:1)
As for Russian and them finding out that Polish meat is crap, well if you'd googled, you'd found out that those accusation are total political bullshit. The meat is fine, and was tested by many independent labs. It's typical of Putin to create embargos with fake evidence and blaming it all
Re: (Score:2)
Personally, I'd take the ppbs of residual chemical on the grape skin than the couple of percent of mildew infested grapes that get through in a country that doesn't use chemicals.
Re: (Score:2, Informative)
The reason why detailed audit was refused, is because all exporting farms have EU quality certificates. Russia accepts EU certified meat from other countries, but forbids Polish meat even though it complies to the same quality standards. Such behavior smells of politics.
Re: (Score:2)
Europe has its own share of problems with meat smuggling:
http://www.deutsche-welle.de/dw/article/0,2144,180 8099,00.html [deutsche-welle.de]
http://www.eubusiness.com/Food/bonemeal-foodwatch. 92/ [eubusiness.com]
Also, not only Russia banned Polish meat:
http://english.people.com.cn/200611/10/eng20061110 _320195.html [people.com.cn]
Re: (Score:2)
US pulls such tricks all the time - just remember 'steel vs. poultry' trade wars.
PS: what a coincidendce - I'm anti-Ukrainian-revolution and anti-Yanukovich at the same time.
Re: (Score:2)
WTF, even a Georgian _minister_ said that: 'One could sell even fecal masses in Russia'.
I surely googled and yandexed (Yandex.ru - a Russian search engine) - there WERE well-known problems with Polish meat. I remember a couple incidents when meat from England (during BSE scare) was rebranded in Poland and exported to Russia.
Re: (Score:2)
I don't recall that minister suing anybody for slander. He did say that very words (in Russian).
Re: (Score:2)
I can't really remember the last big event in Russia which was not covered by western news agencies (which work freely in Russia, BTW). So it's not like there's no reliable information coming from Russia.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Interesting)
1) USSR won in WWII (destroying 80% of German military manpower).
2) USSR was the first country to launch a satellite.
3) USSR was the first country to launch a man into space.
etc.
It's Estonia that is like a small dog barking at a great elephant.
Re: (Score:2)
After first helping train the German air force, and helping it invade Poland.
Lets not forget that the USSR received a lot of lend lease aid from the US. Thousands of aircraft and many many tons of other supplies where sent to the USSR from the US.
The USSR didn't win WWII. The allies won WWII. Of course it is nice to forget that Stalin was Hitler's friend right up till the time Hitler attacked Russia.
Estonia may be a small dog but it has big
Re: (Score:2)
Re: (Score:2)
And no the USSR wasn't the largest ally in population that would be China. It was one ally and did nothing in the eastern theater until the war was over except intern US pilots and steal US planes to copy, ever hear of the TU-4?
They did nothing in the Atlantic theater and had to rely on the UK and the US
Re: (Score:2)
Poland at that time was _occupying_ parts of USSR, so Stalin was merely liberating lands of USSR.
TU-4 story happened in 1944, the outcome of war was pretty clear at that time. BTW, do you want to talk about atomic bombings of Hiroshima and Nagasaki? Maybe about relation of crushing defeat of Kwantung army and Russians moving closer to Japan?
"The Red Army in WWII marched on US bread" - st
Re: (Score:2)
Ummm... Yea it was too steal land. I guess Russia was so threatened by big scary Finland they just had to protect it's self.
"Poland at that time was _occupying_ parts of USSR, so Stalin was merely liberating lands of USSR." No it wasn't Poland was restored from of the Austro-Hungarian Empire. Yea Stalin the great liberator. He was known as such the humanitarian.
"TU-4 story happened in
Re: (Score:2)
RLA and its Ukrainian counterpart is a different story. Their goals might have been noble, but their methods were disgusting.
Re: (Score:2)
Re: (Score:2)
Poland did not really exist prior to WWI as a separate entity. And they did not really behaved well after gaining independence: http://en.wikipedia.org/wiki/Pinsk_massacre [wikipedia.org] - for exam
Re: (Score:2)
Amazing... You are, actually, justifying Stalin's actions by Poland's "misbehavior" — Pinsk massacre, where 35 or so suspected Commies were executed without trial.
Outrageous as it might be, to bring this up even in the same post as Stalin is most ridiculous. 35 people executed without trial is an even, over which Stalin wouldn't even have been waken up by his staff.
For example, shortly after conquering its half of Poland (in full cooperation with the Nazis), Stalin's scumbags have executed between [wikipedia.org]
Re: (Score:2)
4) USSR was the first country to slaughter its own population by millions (yes, before Nazis started to implement their "Final Solution").
As for winning WWII, yeah that was quite a feat. Especially the part about replacing the Nazi totalitarian puppet regimes with Communist totalitarian puppet regimes throughout Eastern Europe. Way to establish good relations with your neighbours.
Re: (Score:2)
I thought it was United States and Britain Empire who invented modern genocide.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I don't say that communism was all roses. I'm saying that Russians do have things to be proud of.
Government-orchestrated? Please (Score:3, Insightful)
Estonia (and some mass media) simply find it useful to blame everything on Russian government now. Russian companies refuse to buy their products because customers stopp
Re: (Score:2)
I think, you are a bit too dismissive of the Russian Government's ability to organize certain things. Ending drunkenness may not be among them, but killing or imprisoning detractors they can do. Pressuring a neighbor economically? Sure — I remind you of the "alcohol-containing liquids" again... A cyber-attack? Yes, they can — far easier than putting polonium into somebody's tea in London.
Re: (Score:2, Informative)
No, they would pay for the repatriation of the bodies so that they could be buried on US soil just as they have been doing for the past 40 years in VietNam/Cambodia/Laos. If The country where they died is willing to keep the wa
Re: (Score:3, Insightful)
Remember an incident with US spy plane and Chinese fighter jet [wikipedia.org] ?
It resulted into a hacking contest [bbc.co.uk] between US and China without any "official" guidance.
In case of Estonia an asshole named Anders (Estonian leader - my sincerest apologies to all other assholes for the comparison) referred to buried WWII veterans as "marauders" on public TV, before trying to move the statue. Quite obviously, people got pissed off. Some teenage
Re: (Score:2)
There may not have been anything *official*, but do you honestly think that the two countries' respective intelligence agencies were not involved? Come ON.
Kremlin-backed Putin-Jugend has claimed credit (Score:2)
Re: (Score:2)
As most wars show (Iraq is not an exception), winners "liberate" and losers "get occupied". For almost 50 years Estonia did not mind to side with winners. They have only recently realised they had been losers.
Russia - cybercrime capital of the world (Score:2, Interesting)
The situation in Russia isn't helped by the fact that the mafia are basically the state (Putins FSB). Europe will eventually rely on these villains for natural gas, what can the west do about the situation before it's too late?
Re:Russia - cybercrime capital of the world (Score:5, Insightful)
According to the site [arbor.net] mentioned in the article, Russia comes in at #17 in the attacks by country breakdown at the bottom of the page. It covers scanning, fingerprinted attacks, and DDoS attacks (no spam). The number 1 country is the good 'ole USA. We're #1! We're #1!
Re: (Score:2)
what can the west do about the situation before it's too late?
Put the robber on their most productive hex, and surround them with roads?
Sorry. I was playing Catan on XBox Live, like, all weekend.
that's the biggest problem with this warfare (Score:4, Insightful)
however, things are too nebulous on the web. no accountability. the russians that attacked estonia can not be found by russia and suppressed easily, because no one knows who they are. well, obviously there can be some intelligent detective work done (who purchased the botnets for rent, for example), but my point is, any group of teenage assholes can do this sort of thing, from any botnet in the world, and so it renders obvious lines of accountability all nebulous and unresolved
and so it is sort of like terrorism, in that there is no one easy and big to blame. no state or governmental entity. it's vague and undefined. and in the end, therefore, these sorts of wars/ crimes are really the defining characteristic of conflicts in the 21st century. for the most part, wars of nation against nation and obvious straightforward battlefields seem to be a dead era. today's conflicts are all about shadowy organizations ready to do nefarious things in the name of nebulous agendas, and finding and stopping who or what or how is simply a task without any clear goals or clear yardsticks of progress
some people would use this fact to say that therefore there is no war or conflict at all, that say, the "war on terrorism" isn't real. no, wrong. the threat is still very real. something like 9/11 is not a phantasm of a neocon's imagination
it's just that the enemy is opaque and made of fog. but because the enemy is hard to pin down, does not mean there isn't nefarious intent out there you need to protect yourself from. yes, that vagueness can be used to amp up fear and provoke overreaction. but, in a way, doing nothing is still worse than overreaction (unless overreaction consists of taking the war to targets that should not be targets)
we live in a difficult era folks. do nothing, you're damned. do something, you can be damned worse. you need to be clever and constant and precise in your efforts, and you'll still screw up and get blowback anyways, and you must still soldier on nonplussed nonetheless, against cyberenemies, against terrorism, with no real yardstick of progress, with no real verification of success or failure, with nothing but the fog for miles and for years, and then a plane in a skyscraper, or a bomb in a disco, or a flood of emails, or a DoS for seemingly no rhyme or reason... and then gone again like a fart in the wind, until the next mass murder. it's psychologically debilitating, and yet constitution and fortitude are your best character qualities needed in order to beat back these shadowy enemies
Re: (Score:2)
Seems well enough to work for the Lebanese government. Of course when you are at the brink of civil war... You really don't have control over what goes over your border.
well yeah (Score:3, Interesting)
Yowza... (Score:2)
Typically, if someone _needs_ to be prosecuted, "round up the usual suspects" applies. That you think otherwise is folly.
and so it is sort of like terrorism, in that there is no one easy and big to blame. no state or governmental entity. it's vague and undefined.
This is a half-truth used to create a fearful population and justify egregious limitations to your personal freedoms.
today's con
you are a genuine idiot (Score:2)
nothing, absolutely NOTHING i ever did or could ever do to you justifies or explains my own bigotry against you. al qaeda is not fighting the west because of che guevara, or the kyoto protocols, or walmart, or nike sweat shops in indonesia. al qae
Re:that's the biggest problem with this warfare (Score:4, Interesting)
a) Focus inwardly, trying to be on the smallest possible number of 4GW organization target lists. The less people hate you, the better you are;
b) Focus locally, building your defensive strategy on fast deployed forces stationed where they act and, if possible, made up of residents of the area, as well as lowering the dependency each area has on resources deployed from too much away. The more centralized and distant and your military force is, the weaker you are. The more dependent you are on goods and services coming from other cities, states and countries, the weaker you are. (Note that this isn't the same as neglecting a strong and big army. It's more of the way said army is built.)
USA fails on both aspects. It fails "a" miserably by making its presence felt all over the world, thus entering the list of almost everyone. And it fails "b" by encouraging a false sense of security on its population, when it should be making local militias and weapon usage proficiency as much widespread as possible, as well as by having an absolute, complete, all-embracing dependency on foreign natural resources, goods, services and work.
On a 4GW world, this is a recipe for disaster.
Re: (Score:2)
If you have no way to measure success then you need a new approach. Treating headaches again and again with Advil sure will get rid of the pain, but eventually you're either going to have a stroke and possibly die or you'll experience kidney or liver failure.
If stress of the job is causing the headaches then you need to find a way to cope with the stress or get a new job. Continuing on course is not the correct action, the definition of insanity is doing the same thing over and over expecting a different r
but there's a conflict here (Score:2)
all of the changes you propose are basically the wet dreams of authoritarian censoring oppressive governments everywhere
it is very much in the name of freedom to leave the internet devoid of such control... and an internet devoid of controls leads to this sort of anarchic bullying by shady forces
negatives with both approaches, pluses with both approaches
it all boils down to that familiar schism... control or freedom/ security or liberty: the ideological co
Re: (Score:2)
Perhaps you missed the part I wrote about maintaining anonymity? Preventing DDoS is very easy without needing to identify people. I also said that most countries don't control the Internet because corporate entities do. I was not advocating this be changed. Only that we provide guidelines to those entities that peer with other providers. If you implement some basic techniques at the peering locations then you can prevent the vast majority of DDoS attacks because it can be aggregated enough to cause problems
well said (Score:2)
Re: (Score:2)
I agree that people often give up freedom for security and that it is never worth it. In this case however the only freedom being taken away is the freedom to launch DDoS attack on people. It's very limited in scope and only serves the best interests of the law abiding with zero innocents getting caught in the crossfire. It's a total win-win situation, the only thing is costs is a little time and probably a bit of money which we waste in dealing with the problems of DDoS attacks. I've had to divert time and
anonymity (Score:2)
Maybe it's just me... (Score:2)
Botnet? (Score:3, Funny)
Re: (Score:2)
I understand that the Russians are essentially harassing countries that used to be part of the Soviet Union, most notably they have been trying to interfere with the Ukraine. I wonder if they have anything to do with this DOS attack on Estonia's government network.
Enjoy your Polonium soup, Anonymous Comrade.
Re: (Score:3, Insightful)
Frankly, because of stuff like this, we need to be prepared to use a variation of the old Internet Death Sentence. Hostile nations could be removed from the routing tables (i.e. we don't route traffic to or from them). With international cooperation attacks like this *could* be stopped dead in their tracks, with the side benefit that the offending nation would have a high priority desire to clean up the attacks.
I don't think that stopping routing from a country would make much practical difference. There are millions of vulnerable and already compromised Windows boxes scattered across the world. You can rent time on them from a Web interface. A big part of the usefulness of DDoS attacks is it is easy to make it impossible to attach them to an individual or country since the actual traffic comes from all countries. Most of the compromised machines known to be attacking as part of a botnet are within the US.