Paul Ferguson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, May 1, 2009 at 2:42 PM, Paul M. Moriarty <[email protected]> wrote: > > >> The "botnet as a weapon" genie is already out of the bottle. Why >> shouldn't the military have one too? >> >> > > So, are you advocating the fact that all networks in the path of a DDoS > will suffer the consequences of resource exhaustion? > > The whole idea of mutually assured destruction, and collateral damage, are > ideas that are brain damaged, in my opinion. > > Plus, if the IP addresses of the "military botnet" nodes are known & > public, it is trivial to packet filter them so as to render it basically > useless. > > - - ferg > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.5.3 (Build 5003) > > wj8DBQFJ+27aq1pz9mNUZTMRAlwPAJ4hvpLf+tKehg5yRSB+A1du0JaKFwCg24tV > a5PihvETkLeSHr8hsyY93zw= > =d4TP > -----END PGP SIGNATURE----- > > > You don't attack the problem with a botnet. You go at the problem on a protocol level. Tcp Resource Congestion issues like those of the Tcp Duplicate Ack (daytona attack) or perhaps Tcp Optimistic Ack. Attacking back is a simple answer, but we are a bunch of smart nerds who can come up with a better solution. Why don't we open up the tables on here over the weekend to suggestions?
Cory Smith Chief Technology Officer http://www.StopDDoS.org/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
