Ding Dong…DDoS is dead!
on December 5th, 2006 at 5:33 pm
CJ Kelly, a blogger at Computerworld, proclaimed yesterday that the Internet is safe from DDoS. She says:
…maybe 5-8 years ago this was a possibility, but I don’t think it’s possible to do a large scale DDoS attack any more.
Man, I am so happy to hear this news. You can’t fathom the relief at hearing Ms. Kelly announce our new found safety. I am so indebted to Ms. Kelly for fixing the Internet yesterday right after she posted this announcement.
What was that? What happened yesterday? Well, let’s see. A business web service provider called CrystalTech went down for four hours due to a DDoS attack (it happened the same day she wrote her post). I am glad that isn’t going to happen anymore.
Oh, and EveryDNS was hit hard last week with a DDoS attack that took them down for 1 1/2 hours. I am totally relieved that we won’t see that again.
I also seem to remember a company called Blue Security closing its doors in May because a nutty spammer decided to DDoS them and started causing trouble all over the Internet. Here’s a quote from the article:
The attacks not only disrupted Blue Security’s operations but knocked out the Web blog hosting service Six Apart and a handful of Internet service providers, including Tucows.
Man, I am so happy we are done with DDoS attacks.
OK, I guess that is enough. CJ Kelly’s post is nothing short of ridiculous. I mean, really. Does she write from a black hole where the only articles she can find to support her are Cisco press releases and product whitepapers? I’m not kidding. Look at her links to Cisco. It is friggin’ Cisco propaganda that she calls “informational pages”.
Holy crap, my head is about to explode.
Ms. Kelly, please do some research. Please read the news. If you are a “real world Information Security Officer” as it says in your CW bio, I beg you to better serve your company and the information security industry by informing yourself before you start writing.
Vet
Oh and my favorite
CISCO
You may find better,
But you will never pay more !
DNS amplification attacks, like the one that took down BlueSecurity, make me wake up at night in cold sweat. There is simply no technology that can protect you from 6-10gbps of valid DNS traffic hitting your servers. Even companies that specialize in DDoS protection, like Prolexic Technologies, cannot withstand that DNS traffic of that volume.
http://www.securiteam.com/securityreviews/5GP0L00I0W.html
When I did a talk about evolution of threats at the HostingCon this year, I asked a room full of very bright network operators if they have any viable solutions to DNS amplication DDoS attacks. Not one hand went up.
We did come up with an interesting architecture for this at Alert Logic (unimplemented at this time). Unfortunately it’s a scheme that relies on a certain element of obscurity to be successful, so we won’t be writing any papers about it, as much as we would like to share it.
In any case, we are far from being done with DDoS.
Misha
We have seen this kind of thing for a long time..
BLUE Suits ( IBM or nothing, Why did he need that THINK plaque behind him, to get him to “THINK”)
Bell Shaped Heads ( bell telephone , ONLY “MA BELL” can do it right)
Microsoft ( since its attacked more than any other os it will be secure ) yea RIGHT , sure BILL, looser , rich Looser
I see this a ” If all you have is a hammer , everything looks like a nail ”
BLINDERS on MOUTH flapping
La la la
As long as there are botnets, DDoS is still one of those things that is most scary on the Internet. Not because I might be a target, but because me or things I rely on may end up as collateral damage.
WOW! Great post – put up yer dukes!
Great visual graphic !
- Mitchell
where are on earth to these people come up with these things??
i witness and monitor ddos attacks entering our backbone frequently..ddos is surely not dead..and i don’t think it will be anytime soon, unless kids stop compromising machines and compiling botnets…which isn’t happening…soon..ever..who knows..
and with the price of GREAT anomaly detection and mitigation devices like arbor’s peakflow sp..not every network can afford these luxuries..ddos is far from dead