Large-scale DOS attack menace continues to grow

You may or may not have picked up the news that Estonia came under cyber-attack in early May. Cyber attacks, usually consisting of multiple denial of service attacks, are pretty bloodless really. You don't see buildings reduced to piles of rubble or dead bodies strewn across the street. There's nothing to take photos of. There' …

COMMENTS

This topic is closed for new posts.
  1. Stephen

    nice one

    Wow this story was actually really gripping. The Reg does come up with some good stories but this one was golden. I guess bringing stories in from other sites is a good idea.

  2. Steve

    Bollocks

    The internet was not designed to resist nuclear attack, this is a myth.

    There was a RAND study into survivable voice communications for Command and Control in the event of a Nuclear war, and some of the techniques were applied to the technical design of the early ARPANET structure and protocols.

    Nuclear survivability was not a design goal for ARPANET.

    This is well known and well documented, often by people who were there, including Robert Herzfeld who was director of ARPA at the time and therefore in a good position to know what he's talking about.

    I find it very hard to take seriously the opinions of someone who can't even be trusted to know basic facts about the arena in which he is pontificating.

    Admittedly, the nuclear attack meme adds nicely to the doom laden FUD mongering that makes Mr Bloor his money, but to propagate this utter toss is pretty unforgivable. Bad Robin, Bad!

  3. Anonymous Coward

    Stating the Obvious

    Yeah, many people consider that myth to originate from the later work to increase the network's robustness and survivability, including the capability to withstand losses of large portions of the underlying networks.

    I always preferred the title "Galactic Network", sounds a lot more "wizzo" than ARPA's Network!

    However, as most of the article does appear to be a comment on today's "web based military issues" (most of which should be Top Secret) rather than factual based reporting, the reader should take the whole article with a rather large pinch of Sodium Chloride.

    On the whole, a nice comment on what many of us already expect. I'd expect that my country would attempt to break down the communications networks of our enemies during a war (if only to protect our soldiers) so why should that be limited to older methods?

    On the battlefield, knowledge is power, and can give the enemy an advantage. I'd expect the internet (or the enemy's portion of it) would be very high profile targets along with TV stations, phone systems, airfields and manufacturing facilities to name but a few.

    Stating the obvious to promote a new product from Secure64?

  4. Pascal Monett Silver badge

    Check the facts

    I have already read that Chinese PCs come with a hacked Windows 98 or XP, and the owners do next to nothing to secure them.

    If such lore is true, then it is hardly surprising that China be home to the greatest concentration of malware - it's almost a hacker paradise!

    In European countries and in America, there is a large and growing pool of experienced PC users, people that can educate other users about the threats and the solutions. In China they are learning everything at once, and not many are capable of helping - yet.

    So I believe that every condition is realised for making China the biggest malware home of the planet.

    Pascal.

  5. Chris Miller

    Can you really defend against DDoS attacks?

    If someone has a large 'bot army able to inundate your web site with a sufficient number of valid HTTP requests using spoofed IP addresses, I can't see any way of stopping such an attack without also blocking legitimate access (which effectively means the attack has succeeded).

    Maybe a Tier 1 ISP could identify the physical origin of inbound traffic (not based on IP addresses, which are spoofed) and block everything from (say) China, but if you've got legitimate customers in China, you're still stuffed.

  6. Anonymous Coward

    Carrier Responsibility

    This entire debate comes down to who is responsible for securing the Internet. Everybody wants to put security on someone else (to save money and face of course) but I believe that the carriers are responsible for security. As the gatekeepers of the Internet (and the people we pay to access it) they have the responsibility AND THE MEANS to secure against viruses, hackers, and DDoS. Companies such as www.narus.com have successful and proven solutions to these things but the telcos are slow to adopt (due to cost and not wanting to admit responsibility). I have little sympathy for DDoS and other Internet attacks. Considering the telcos can easily remedy these things, it is up to the customer base (users) to get carriers to adopt solutions and accept responsibility.

  7. Ken Green

    Spoofed IP addresses

    I've never understood why all ISPs don't filter out IP packets that don't have a sender's IP address that corresponds to the line. It doesn't take that much effort surely. There is rarely a good reason for sending out IP packets that aren't addressed from a sending system on most lines. The only valid use I can think of for it is bonding uplinks and that's just the sort of thing that ISPs are likely to want to limit, so they can charge a premium for the service.
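
Added example (not part of Ken Green's comment or the article): the per-line source check described above, generally known as ingress filtering (BCP 38), sketched in Python. Line names, prefixes and packets are constructed; the bonded-uplink case is handled by listing both prefixes for that line.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Hypothetical provisioning table: access line -> prefixes assigned to it
# (documentation ranges). "line-c" bonds two uplinks, so the prefix routed
# via its other uplink is listed as well.
LINE_PREFIXES = {
    "line-a": ["192.0.2.0/28"],
    "line-b": ["198.51.100.64/29", "2001:db8:b::/48"],
    "line-c": ["203.0.113.0/26", "203.0.113.128/26"],
}

def build_table(raw):
    """Parse prefix strings once so every packet check is a cheap lookup."""
    return {line: [ip_network(p) for p in pfx] for line, pfx in raw.items()}

def source_allowed(table, line, src):
    """True if src lies inside a prefix assigned to the line it arrived on."""
    try:
        addr = ip_address(src)
    except ValueError:          # malformed source address: never forward
        return False
    return any(addr.version == net.version and addr in net
               for net in table.get(line, []))

def filter_packets(table, packets):
    """Split (line, src, dst) tuples into forwarded packets and drop counts."""
    forwarded, dropped = [], Counter()
    for line, src, dst in packets:
        if source_allowed(table, line, src):
            forwarded.append((line, src, dst))
        else:
            dropped[line] += 1  # a rising count flags a line that is spoofing
    return forwarded, dropped

# Constructed sample traffic as seen on the customer-facing ports.
SAMPLE = [
    ("line-a", "192.0.2.5", "198.51.100.70"),         # own address
    ("line-a", "203.0.113.9", "198.51.100.70"),       # another line's address
    ("line-a", "10.1.2.3", "198.51.100.70"),          # never assigned
    ("line-b", "2001:db8:b::1", "2001:db8:ffff::1"),  # own IPv6 prefix
    ("line-c", "203.0.113.130", "192.0.2.1"),         # bonded-uplink prefix
    ("line-x", "192.0.2.5", "192.0.2.1"),             # unprovisioned line
]

if __name__ == "__main__":
    fwd, drops = filter_packets(build_table(LINE_PREFIXES), SAMPLE)
    print(f"{len(fwd)} forwarded, drops per line: {dict(drops)}")
```

The per-line drop counter doubles as a detection signal: a customer line that keeps emitting sources outside its own prefixes is a likely infected host.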

  8. Anonymous Coward

    Poor Bloor

    I do appreciate most of the articles on The Register but the growing propensity for random product recommendations takes off some of the shine. Looking at the website of Robin Bloor, he appears to be interested in "vision" and SOA. I would be interested to hear the technical details of how this technology will “deflect” a DDoS attack. It’s preferable to look at the research people like CAIDA and ISC perform in this area if you really want to know about DNS.

  9. Chris Miller

    Blocking spoofed IP

    Ken makes a very good point. I think the reason this doesn't happen is simply that it adds (albeit only marginally) to the cost. If (most) users have a choice between two ISPs, one of whom has this service and therefore costs a few percent more, they will choose the cheaper one every time :-(

  10. Anonymous Coward

    China ISPs just ignore complaints

    If you trace back a sample of spamvertised web sites you will see a disproportionately large percentage are hosted by China, especially those of "professional" spammers.

    The reason is that Chinese ISPs typically ignore any and all complaints that come in about the sites. They also ignore complaints about DDoS attacks coming *from* their networks so once a Chinese user's machine is infected then it will stay infected. Their ISP will not do anything about it.

    It's not just Chinese ISPs doing this of course, one Indian ISP has a user whose machine has been sending me viruses for over 2 years now. Complaints to the ISP just get bounced or ignored.

  11. Herr Ober

    WOW!! Such an in depth "analysis!!"

    "Estonian officials claim some of the attacking computers had Kremlin IP addresses",

    Did you ever bother to use your brain before repeating after Estonian nazis? Or you simply play on behalf of BP who is not welcomed to grab a chunk of Russian oil?

    Best Regards

  12. Herr Ober

    WOW!! Such an in depth "analysis"!

    Estonian officials claim some of the attacking computers had Kremlin IP addresses, but - and I'm sure the Russians would suggest this - such computers could have been infected by viruses and used as bots by Russian hackers. That's what you call plausible deniability.

    Use your brain next time, instead of repeating after Estonian nazis.

    Or maybe you are on Berezovsky's and BP payroll?

    Best Regards

  13. Jonathan Roberts

    Re WOW!! etc...

    What a bizarre comment to make. Stating that "Estonian officials claim..." isn't "repeating after Estonian nazis", it's merely reporting what has been said and is a perfectly legitimate journalistic statement. If the article had said "The attacking computers had Kremlin IP addresses..." without anything to substantiate it, that would be another matter entirely.
