The Internet Botnet Security Technology

Has Progress Been Made In Fighting DDoS Attacks? 206

alphadogg writes "As the distributed denial-of-service attacks spawned by this week's WikiLeaks events continue, network operators are discussing what progress, if any, has been made over the past decade to detect and thwart DoS attacks. Participants in the North American Network Operators Group (NANOG) e-mail reflector are debating whether any headway has been made heading off DDoS attacks in 10 years. The discussion is occurring while WikiLeaks deals with DDoS attacks after leaking sensitive government information, and sympathizers launch attacks against MasterCard, Visa, PayPal and other significant e-commerce sites."
  • by Hortensia Patel ( 101296 ) on Sunday December 12, 2010 @08:42PM (#34531200)

    assassination of a prince from memory

    An Archduke, if you want to be picky. But nice analogy nonetheless. Like WW1, I think this is a fight that's been waiting to happen for a while now. Like WW1, the specifics of the flashpoint incident are largely irrelevant.

    Unlike WW1, the two sides seem far from evenly matched this time. My gut says the pro-WikiLeaks side will get tired and give up; there's nobody paying them to keep going, and that matters in the long haul. I'd love to be proved wrong, though.

  • by Raptoer ( 984438 ) on Sunday December 12, 2010 @08:54PM (#34531244)

    If you do so in an attempt to harm or otherwise deny access, then yes, it would be. It's more akin to getting a thousand people to sit outside their building and forcefully block anyone who tries to come in.

  • by Anonymous Coward on Sunday December 12, 2010 @09:05PM (#34531316)

    No it's not.

    It's like a crowd gathered in front of a service window all trying to get an order - only most of them asking for things they don't offer there. Now you as a legitimate customer need to get through that crowd to get to the window and make your order.

  • by girlintraining ( 1395911 ) on Sunday December 12, 2010 @09:22PM (#34531366)

    You all may recall that the internet was designed as a peer to peer network. It was assumed that every node would have equal access to a decentralized network with many interconnects and pathways between each. The rise of DDoS attacks and other vulnerabilities is a direct result of the internet being used for other than it was designed: Businesses have forced a "one to many" relationship, a client-server architecture, and uneven upstream/downstream ratios. The centralization here is the weakness, not the internet.

    The internet wasn't designed to support the business and organizational models that now dominate it. The solution to the DDoS problem is to decentralize, and restore a peer-based communication model -- that is how it was designed to be used. Of course, we could sit here and debate how to "save" the internet from "hackers" who are using the strengths of the network to great effect to attack those who built their solutions without much mind to the foundation.

  • by poetmatt ( 793785 ) on Sunday December 12, 2010 @09:24PM (#34531372) Journal

    uh, there is no such thing as the victims being outmatched on this.

    this is roughly back to basics all over again - the people who are DDOS'ing don't need a central command location - that is easily mirrored anywhere in the world.

    the people who are defending however, do need a centralized location.

    meanwhile, calling this war, is just a blatant lack of understanding - this is more of a political statement than an act of aggression - it is not harmless, but that is not the focus here.

    If this were a war, it would be more about sneaking viruses onto servers and malware and things like that.

  • by Anonymous Coward on Sunday December 12, 2010 @09:27PM (#34531384)

    However, there is nothing illegal about one person visiting a bank and standing there, just like there isn't anything illegal with a number of people going to a bank... at the same time.

    Actually, that is called trespassing and is very illegal, especially if you do not leave when they ask you to. While it is true that businesses are open to the public, that is not blanket permission. They are giving an invitation of, "come on in if you want to do business." If you don't want to do business, then you have no right to be there. Likewise, if you are accessing someone's network not involved in business with them, then you have no permission to be there and are violating the law.

  • by Anonymous Coward on Sunday December 12, 2010 @09:35PM (#34531408)

    I worry that WL is the "cyber 9/11" that people in the IT industry have been dreading since the 1990s.

    Here in the US, we have Congresspeople who have been obviously Internet hostile. One of which was one of the reasons Zimmermann made PGP because strong cryptography came perilously close to being made illegal in the early 1990s. And the people still keep trying -- the mid 1990s brought with it the CDA where cursing on the Internet could mean a prison sentence (which took a fight to the Supreme Court to get that overthrown.) Of course, every few years, we have a bill like the INDUCE act, COICA, and many other Internet-hostile acts. Looming over our heads is ACTA which is still in the "make as extreme as possible, then 'compromise'" stage.

    The people wanting these laws (likely the same people who want a DRM chip in every single computing peripheral and computer) would score a coup like no other should Congress check their heads in at the door and blindly rubber stamp "anti-cyber-terrorism" laws (like they did with the USAPATRIOT act.) Their long term goal is more revenue streams, and DRM and locked-down operating systems help that greatly.

    The result of the lawmaking: iPad-like lockdown on the desktop, NAC on upstream routers that would detect jailbroken hardware and permanently ban machines by IMEI or other identifying ID (think XBL bans for modchipped firmware), all browsing and usage history transmitted to LEOs and ad agencies in real time (with no way of saying "no" to it), forcing people to have a "license" to browse the Internet (and the onus on victims of ID theft to prove otherwise so their access can be regained), and a return to the days where there were no open source alternatives -- either pay someone for a tool (such as a compiler), or do without. To enforce this, machines would have an active DRM chip with its own IP stack and method of automatically downloading new definitions/patches, then randomly freezing and scanning the memory space looking for suspected items. Machines would also have an antivirus utility that would run in protected space to look for signatures of music or video files, then phone home about it, leading to the user either permanently losing net access, or actually getting raided and the equipment seized via civil means (similar to how cars are seized due to drug charges.)

    Ironically, Joe Sixpack wouldn't care, until he has to pay money per play of his favorite Ke$ha song.

    Yes, this sounds like a dystopian fantasy, but the technology is there (CISCO's NAC, active DRM chips [1], XBL bans, Internet IDs in Korea and China, just a few companies providing Internet service, large wholesale moves of the population from "open" devices like Netbooks to closed/locked down platforms [2] like the iPad, a wholesale move by Microsoft and Apple to application stores on the desktop.) If given enough impetus, one can see companies connecting the dots and going a good way in locking down the Internet. Of course, it wouldn't be 100%, but it can be effective. Especially if people's software investments are tied down to a user account (Steam, Apple Store, Google's App Store), and they could easily lose access to all their purchased software in an instant should piracy be suspected. This could be compared to Valve's Anti-Cheat where access can be taken away to all multiplayer games in an instant with no recourse [3], except with all other software that one purchases, perhaps even the license for the OS itself.

    Of course, the world != the US. It would obviously cause an exodus of talent from the US to elsewhere (such as during the 1990s where all the cryptographic R&D moved from the US to Russia and Israel during the times when exporting a DES routine had the same criminal penalty as selling a nuke.)

    I don't want to sound like a doomsayer, but there are a lot of well-heeled people and organizations who would love to see the Internet return to being a Compuserve with complete control of who accesses what, how many fees can be attached, dissidents bei

  • by Duradin ( 1261418 ) on Sunday December 12, 2010 @09:40PM (#34531438)

    With a sit in, the protestor faces the (immediate) risk of arrest. With a sit in once they are asked to leave and they refuse it becomes trespass and the cops can be called in to clear them out. Not so with a DDoS.

    Equating DDoS with sit-ins is a disservice to the sit-in as a valid form of protest.

  • by bsDaemon ( 87307 ) on Sunday December 12, 2010 @10:16PM (#34531556)

    "simply put, attacking a major online retailer when our parents are buying our christmas presents might affect us" -- what they really meant.

  • by jc42 ( 318812 ) on Sunday December 12, 2010 @10:42PM (#34531650) Homepage Journal

    Perhaps we should be pointing out that the problem here is the DDoSers, not their victims. And, more generally, the problem is that we are developing organizations that see it to their advantage to interfere with Internet traffic. Some of the organizations are political in nature, as with the wikileaks/amazon/etc snafu. Some are economic, as with the "traffic shaping" done by the Internet's supporting corporations for their own monetary gain and to damage competitors. Some are religious, as in the filtering done to block heretical and other indecent material by national chokepoint-type gateways.

    All of these are the same threat to the rest of us: They are trying to limit our access to information that they don't want us to see. The best approach is to take an "agnostic" approach to their motives, ignore whether they're political or economic or religious, and just emphasize that we don't want them benefitting by controlling and limiting our access to information.

    That Knowledge is Power is an old observation. These people all want power over us by limiting our access to information. Many of them have had such power in the past, and are now upset that their power is decreased by this newfangled "Internet" thing. This is, of course, part of why we built the Internet. The important thing is to prevent this control of information from being reestablished by anyone. We don't care how noble their motives are; we just want to make sure that they can't control what we are allowed to learn.

  • by Anonymous Brave Guy ( 457657 ) on Sunday December 12, 2010 @11:49PM (#34531878)

    I do wonder where it will all end.

    That one is fairly easy, actually.

    First, a significant number of those who have been involved in the recent DDoS mess will be hunted down and thrown to the wolves as examples. It won't be the guys who set it up, who are hiding behind their anonymising proxies and not actually taking part in the DDoS attacks personally. A lot of young troublemakers/curious geeks* will suffer for playing along.

    (* Delete as applicable)

    Over the coming months and years, increasingly draconian lock-down of the Internet will follow. Wikileaks have helpfully provided the politically credible stick that major governments such as the US have been dying for to impose this on an international scale, and the end result of Wikileaks and its "supporters" acting like children will be the world's major governments treating us all like children and thus making things worse for everyone. It will be like all the security theatre (with the occasional genuine measure going by almost unnoticed) imposed after events like 9/11, because you can do anything as long as you're "fighting terrorism" now.

    One consolation we have is that most of the government measures will in practice probably be miscalculated and ineffective because they will be politically driven rather than planned and implemented by people with actual clue about computer security, which means they will hit stumbling blocks when serious money and/or international concessions are required to implement them. However, those who just want to continue using the Internet freely and responsibly will probably still have to live under the perpetual threat of coming up as a false positive on the wrong government agency's or ISP's automated system and being messed around as a result, even though they have done nothing wrong according to the new laws. Naturally, the most likely candidates for such treatment will be those in minorities, such as people who don't just run $DOMINANT_PLATFORM on the $FORTUNE_500_VENDOR hardware they bought from $MAJOR_NATIONAL_STORE_CHAIN.

    Finally, the one thing that will almost certainly be seriously compromised is on-line anonymity. This will no doubt still be achievable but probably only with a much more serious level of skill and understanding than most script kiddies ever have. Whether this is a good thing or not is open to debate: about the only worthwhile information we have learned from the Wikileaks fiasco is that the actions of both sides stink to a significant extent but neither side is really as bad as the other makes out. Most people going about their daily lives seem to be getting bored of the whole affair already. The media here in the UK certainly are.

  • by matthiasvegh ( 1800634 ) on Monday December 13, 2010 @01:31AM (#34532170)

    This however, is against all network neutrality stands for. Don't. Touch. My. Traffic.

  • by syousef ( 465911 ) on Monday December 13, 2010 @04:14AM (#34532522) Journal

    Pretty easy. Make it standard for all OSs to default to updating/patching *without* prompting the user.

    No thanks. I've seen too many "fixes" break much more than they fixed. I'm setting up a laptop at the moment and had to downgrade my version of Zonealarm because it broke my remote desktop, and downgrade my version of virtualbox because it broke network file sharing. Too many companies think they know better than the user then fail to do basic testing. Until quality control comes up out of the gutter, if you take away my ability to decide what is and isn't installed, I no longer have a use for your product. That's true of everything from the web browser to the OS to games to office suites. EVERYTHING.

  • by totally bogus dude ( 1040246 ) on Monday December 13, 2010 @04:53AM (#34532616)

    But how would throttling the repetitive requests help? The whole point of DDoS attacks is that the attack requests aren't trivially distinguishable from legitimate traffic the site wants to serve. (For naive attacks they probably are; but in an arms race, the requests will just be modified to be harder/impossible to distinguish from real sessions). If the routers start throttling all traffic to the site under attack then it can no longer serve legitimate requests. Mission accomplished: service denied!

    An additional problem is that this requires companies to invest resources to protect other people's networks.

  • by Anonymous Coward on Monday December 13, 2010 @07:15AM (#34532952)

    Needing a reboot after a software install/update? ... I used to think the MS strategy was lousy - and I have a MainFrame and Unix background.... BUT, I have since found a rather valid reason for doing a system reboot after software update ... to verify that the system will boot, while the details of the update are fresh in your mind.
    There is a real nasty shock available to *nix administrators who have done all sorts of minor updates over a period stretching back hundreds of days without a reboot.. next time you do a reboot, and the system does not restart things nicely ... which update (or updates) is the problem ??? Do you have a log of every change since the last reboot, and the time/skill needed to sort out the mess you now have?
    It turns out that while the MS forced reboot is often inconvenient and intrusive, it does at least verify (normally) that you have a valid system after applying the most recent set of changes. .....
