Comment Re:Set up correct secondary DNS servers (Score 1) 351
There used to be a website where so many people went to a posted URL that the server could not follow the requests. This was called slashdotting. These were all legitimate requests. With a DDOS the requests are not legitimate in a sense that the owner of the device did not want to do the request. So I have some questions: How do you know the difference between a legitimate and non-legitimate HTTP request?
Short answer, you don't.
To elaborate, as long as the HTTP packet requesting information will result in the distant end providing what was requested, at a technical level, it is a valid and legitimate request. There is no way to look at the HTTP packet and say "Oh, this isn't legit".
As for the notion in the article that addresses were spoofed, that's probably only true for the C&C. The compromised IoT things were almost certainly not spoofed, because they don't really matter. They're just owned devices, spread out over a very wide area, each sending out trickles of valid HTTP requests that culminate into a 1Tbps + flood.
Keep in mind, HTTP was made in the era of Trust Everyone. It was never designed with a mechanism that validates the legitimacy of a request. Until such a time comes about that we use a new standard that somehow DOES validate that traffic, the DDoS problem will persist.
In fact I'd argue that the question is bunk in the first place. The DDoS attack isn't like an SQL injection or privilege escalation flaw. It's an overload. Period. You can't patch something being pushed beyond capacity. There's no way that we can mitigate it on the current internet without changing a majority of the transport standards in place. And even if we DID have such a method of determining what's legit and what's not, how do we even delineate which is which in the first place?
If you say that only HTTP requests from a web browser, for example, are legitimate, that breaks skimmers and search engines that rely on being able to issue requests and get responses. And that's HUGE. You want to block "spoofed" addresses. Ok then, guess anyone spoofing anything due to security concerns is fucked.
The problem will not be solvable within the foreseeable future, and that's something many folks need to start accepting.