Philippe Bourcier wrote:
> 
>  >I would love to see a presentation regarding DrDoS.
> 
> It could be interesting to talk about it, but :
> - it's not much used
> - there's not much to do against it
> 
> So unless you get one of the guys involved in the development of IOS, Linux
> or the *BSD IP stacks, the talk won't go too far...

As long as you can spoof IP addresses/packets, you can't fix
this problem...

All the detection/traceback techniques (ICMP traceback, MULTOPS,
SPIE, IP traceback, Pushback, CenterTrack, etc) are useless since
most of these proposals imply fundamental changes and I haven't
seen any HW vendor put such features into their ASICs.

I don't want to launch a never ending thread, the french "reading"
subscribers can have a look at this presentation and tell me if
part of it would be of interest for #5:
http://www.securite.org/presentations/ddos/

> Steve Gibson made it look big, but he's as always making big stories out of
> small events.

Paxson published a paper on this topic way before Steve "nice colors"
Gibson got attacked and "discovered" this new type of attacks: 
http://www.icir.org/vern/papers/reflectors.CCR.01/

>  >Hopefully companys and ISP's starts thinking together now
>  >and see that DoS is the next step of online "terrorismus" and
>  >with the way how we all work together now; this'll badly
>  >hurt us all at the same time.
> 
> Yes, but also some network hardware companies claims to have means to
> filter those attacks...
> 
> It would be very good to compare those products.
> 
> If someone is interested here is a list of the main anti-DDoS companies :
> Arbor Networks, Asta Networks, Captus Networks, Mazu Networks, Riverhead
> Networks...

Well, you'll soon hit NDAs or "commercial/marketing only" content...
The key componenent is usually the detection engine. I had some
really interesting discussions with guys like Dug Song (Arbor
Networks/dsniff/etc) on this topic some months ago, maybe not
worth a presentation, but maybe a topic for the coffee break ;-)

Nico.
-- 
Nicolas FISCHBACH ([EMAIL PROTECTED]) <http://www.securite.org/nico/>
IP Engineering Manager - COLT Telecom AG
Securite.Org Team <http://www.securite.org/>

----------------------------------------------
[EMAIL PROTECTED] Maillist-Archive:
http://www.mail-archive.com/swinog%40swinog.ch/

Reply via email to