
03/21/2003 Archived Entry: "First non-token entry in a couple days"

Been busy...while I've pledged not to go into details about my work (not even saying who I work for, for fear of it coming back to haunt me), I'd like to talk about something related to the work I do and some recent experiences I've had.

DDoS's (Distributed Denial of Service attacks, info here) and DRDoS's (Distributed Reflection Denial of Service attacks, info here) are among the nastiest attack forms on the net. They basically take the internet form of a drive-by shooting, or even worse, take the form of a drive-by shooting where the people with the guns drive around the block repeatedly until the victims are all dead. Or another example...the attacker is basically a schoolyard bully who doesn't relent until the victimized kid doesn't get up again.

Without going into details, I've been hit by a number of these...with a well-orchestrated attack there ain't a darned thing the victim can do about it. The attacks are so anonymous and distanced from the perpetrator that it is nearly impossible (if done intelligently) to trace them back (especially with the resources of a small company - it took months for the FBI to trace back the DDoS attacks that happened a while ago to Amazon, Yahoo, E*trade, etc.). The companies involved lost millions, the government spent millions in trying to trace the attacker, and none of it is ever recoverable. No 'theft' occurred, and so nothing could be paid to the victims.

The majority are perpetrated by intelligent people. This is not a sort of attack that 'script kiddies' are likely to perform (or if they do, they are not smart enough to cover their tracks well enough). It's obvious though that intelligence does not equate to wisdom. Knocking others down does not make you rise up. Doing this to impress other technologically-aware people is pointless, as they won't care or remember in a remarkably short time. Hitting a big company or the government or the root servers of the internet just brings on millions of dollars worth of security experts to hunt you down. Hitting a small, vulnerable company or organization or individual is so overpowering that there cannot be any real challenge to it, and you end up hurting a lot of unintended victims (the hosting company, the bandwidth provider, the techs who go without sleep trying to recover the systems, the website users who probably are more like you than you think).

Basically...if you go big, you can't win forever...if you hit small, you are being a bully. Either way there is no gain for the attacker.

Pointless.

Replies: 4 comments

That's got to suck. Any relief yet? Any word on the perps?

Posted by Adiplomat @ 03/21/2003 04:42 PM PST

That's got to suck. Any relief yet? Any word on the perps?

Posted by Adiplomat @ 03/21/2003 04:44 PM PST

Hey Dippy,

No attacks for almost two days now, and although we have a pretty good guess as to who the perp is...no proof :( The RCMP has the info though and in the case of another hit, we're prepped for recording every bit of info.

Posted by Greg @ 03/21/2003 11:30 PM PST

I hate crackers
and script kiddies

Posted by OzanBABA @ 03/22/2003 04:28 PM PST
