OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Can A Web Site Be Reliably Defended Against DoS Att acks?

[ Lists Home | Date Index | Thread Index ]

On Wed, Feb 04, 2004 at 04:24:46PM -0600, Bullard, Claude L (Len) wrote:
>> From: Louis_Smith@Keane.com [mailto:Louis_Smith@Keane.com]
>> I suggest reading the story of the DDoS attacks on Gibson Research's site
>> (grc.com)

> Thanks Louis.  That is an excellent read with a good 
> overview of TCP/IP and how this all works.  I'm sure 
> many here know this, but when one has to explain it 
> to customers, this is a good resource.

I had the dubious pleasure of chatting online with the bot author once
(and then my internet connection stopped working for a while :-X ).

These days there are also p2p ddos botnets, which can be harder to
deal with than the centralized psychohug bots described on grc.com.

There are programs in which an MS Windows (ab)user can click on a couple
of pretty icons to scan thousands of Internet addresses, and infect
automatically any Windows XP systems with no Admin password and/or
file sharing turned on.  I encountered someone who had infected
tens of thousands (literally) of PCs this way.  He was 15, and the
FBI weren't interested unless he'd done provable financial damage.

I think in the long term p2p federated/distributed network services
may be a way to avoid some of the vulnerabilities -- you can then
ask any neighbouring computer to fetch a resource for you, without
being able to contact the resource directly.


Liam Quin, W3C XML Activity Lead, http://www.w3.org/People/Quin/


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS