Is there a line of defense against Distributed Reflective attacks?

theory, trace a single packet. But the real problem with either idea
is this: suppose that you know, unambiguously and unequivocally, that
750 zombies are attacking you. What do you do with that information?

The reality is it's not 750 zombies, it's generally one person controlling
750 zombies attacking you.

Right -- and neither itrace nor hash-based tracing are going to solve
that:

  3) Find and convict the true attacker

Hash-based trace might help on that, *if* there was recording of the
packets to the zombies. But doing that ubiquitously might -- would? --
turn the Internet into a surveillance state.

  2) Track and stop DDOS quickly when it does happen

That's the point of pushback.

So how do we
  1) Make end-user systems less vulnerable to being compromised

That's my real goal...

    --Steve Bellovin, http://www.research.att.com/~smb (me)
    http://www.wilyhacker.com (2nd edition of "Firewalls" book)

> 3) Find and convict the true attacker

> Hash-based trace might help on that, *if* there was recording of the
> packets to the zombies. But doing that ubiquitously might -- would? --
> turn the Internet into a surveillance state.

Yep, the hard question isn't if we can, but if we should. We have the
advantage of Casino Network Traffic Analysis: the longer you play, the
more the odds favor the house. Tracking a single packet is difficult. But
when the player keeps returning, eventually you can find them.

Traffic analysis doesn't require looking at every packet, or even beyond
the packet header. Starting with the 750 zombies and slowly working
backwards is time consuming and expensive. On the other hand, putting a
few thousand taps in the network is getting easier all the time. Vendors
are including more Network Intrusion Detection features in their
products. Most of the DDOS products on the market today include some type
of traffic flow monitoring. With the right incentives, I'm sure the
vendors can improve their products.

But then we get to the unintended consequences. Once you collect the
traffic data, who else will want to use it for other things? I'm not
just talking about the government, but also divorce lawyers wanting
dirt on spouses, companies tracking and silencing critics, or even
hackers getting the records.

> 2) Track and stop DDOS quickly when it does happen

> That's the point of pushback.

Triggered black holes, pushback, etc. will help. But reactive measures
aren't a complete answer.

>So how do we
> 1) Make end-user systems less vulnerable to being compromised

> That's my real goal...

What incentive does the end-user have to use secure systems? Should
Microsoft, Sun, Sendmail Inc or ISC be required to send a technician out
to fix every defective system they released? Why should the ISP be held
accountable for the defects created by others? Car makers have to fix
defective cars, not the highway department.

> What incentive does the end-user have to use secure systems? Should
> Microsoft, Sun, Sendmail Inc or ISC be required to send a technician out
> to fix every defective system they released? Why should the ISP be held
> accountable for the defects created by others? Car makers have to fix
> defective cars, not the highway department.

Without jumping into this discussion, I would like to make the point that if
a car on the highway drops something... a pebble. a window. tacks. or any
other item on the highway that is potentially hazardous or inconvenient to
others who want to use that highway... the car manufacturer doesn't come
out, the highway department does.

As long as the car _moves_ under its own power across the highway, it's
essentially not the car manufacturers' (or the consumers') immediate
concern.

Deepak Jain
AiNET

On Mon, Jan 20, 2003 at 12:25:27AM -0500, Deepak Jain mooed:

> As long as the car _moves_ under its own power across the highway, it's
> essentially not the car manufacturers' (or the consumers') immediate
> concern.

  That's really not true. Before car companies sell cars, they
pass (lots of) safety certification tests. Before owners drive
cars legally, they pass a safety and emissions test. Sure, the
highway folks clean up after the occasional tire blowout, but
there's been a lot of work put in to make sure that the engines
aren't going to drop out on a regular basis.

  If the Internet was a highway, it would be covered in burned-out engines.

  -Dave

> As long as the car _moves_ under its own power across the highway, it's
> essentially not the car manufacturers' (or the consumers') immediate
> concern.

> That's really not true. Before car companies sell cars, they
> pass (lots of) safety certification tests. Before owners drive
> cars legally, they pass a safety and emissions test. Sure, the
> highway folks clean up after the occasional tire blowout, but
> there's been a lot of work put in to make sure that the engines
> aren't going to drop out on a regular basis.
>
> If the Internet was a highway, it would be covered in
> burned-out engines.

True, in the literal sense. 1) Software companies and hardware manufacturers
have their own QA, focus groups and eval processes. Since very few people
will die in the event of a burned-out engine on the Internet, determination
of the value of these things is up to the reader.

An internal combustion engine is a much older, more widely tested thing than
the "cars" we drive on the Internet, and it figures that in reliability/safety
numbers they win.

The motherboards don't blow out, and the asphalt that makes the Internet
highway works too (generally).

DJ

at Monday, January 20, 2003 5:25 AM, Deepak Jain <deepak@ai.net> was
seen to say:

> What incentive does the end-user have to use secure systems? Should
> Microsoft, Sun, Sendmail Inc or ISC be required to send a technician
> out to fix every defective system they released? Why should the ISP
> be held accountable for the defects created by others? Car makers
> have to fix defective cars, not the highway department.
>
> Without jumping into this discussion, I would like to make the point
> that if a car on the highway drops something... a pebble. a window.
> tacks. or any other item on the highway that is potentially hazardous
> or inconvenient to others who want to use that highway... the car
> manufacturer doesn't come out, the highway department does.
> As long as the car _moves_ under its own power across the highway, it's
> essentially not the car manufacturers' (or the consumers') immediate
> concern.

I would assume though, that if a particular model of car were frequently
shedding dangerous fragments onto the road due to design flaws, the
highway department might expect something be done to fix the cars and
save them all that work and expense.

I particularly enjoyed my time in (Northern) Europe due to the
cleanliness of the streets and parking lots. No pools of dripped fluids
in every space. Made motorcycle riding much more enjoyable. Rather
strict inspection requirements then. If your car had visible drips when
inspected underneath, or corrosion (rust spots were probed with
screwdrivers; if it went through, no pass), you didn't pass. Analogies
to hardware/software are left as an exercise for the reader.

Of course, this system was subject to the same issues any consumer
system has. Market conditions still applied.

Best regards,