Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Technical Solutions (Score 1) 336

That IS the point. How do you know who is being attacked? How do you trust that which is inherently untrustable? "Bob said he was under attack. I know Bob. Bob told me in person. And Bob never makes mistakes." Great. You trust Bob and are now filtering any attack traffic from your network. How do you get the other 7bil people on Earth to trust Bob (or you as proxy)? Coordination of the who's and where's is a MASSIVE issue. No amount of hand waving or snapping one's fingers will cause a solution to pop into existence. Any such system would be gamable as an attack vector itself.

Plus, as I've said elsewhere, we can't get people to turn on technology that's been in the hardware for 20 years -- one command; computationally "free" as it's built into the forwarding hardware. What makes you think even 10% of the networks in the world would play ball? We have the mess we have today because everyone is free to run their network(s) however they please.

Comment Re:Companies that never made money and never will (Score 1) 98

I very highly doubt that. How many "youtube millionaires" are there? If youtube ads are generating that kind of cash for uploaders, it's making A LOT more for youtube. The only way they can be "breaking even" is by accounting tricks to hide money. (i.e. "buying" services from other parts of the company.)

Comment Re:Technical Solutions (Score 1) 336

MAC's don't cross routers -- they're local, ethernet node-to-node addresses. My ISP(s) have no idea what devices I have inside my network(s). All they see is the one MAC of my router. (also, because I'm only allowed one device on the cablemodem.) ISPs would have to push filters into the customer's network, which they very likely cannot control. Plus, the filters would have to be changed regularly based on data from a non-existent "DDOS reporting/coordination center". (If I'm under attack, how do I alert every ISP on the planet? How do you authenticate that report? How do you prevent hackers from using such a service to create a DDOS?)

Comment Re:DoS (Score 1) 336

NAT isn't the problem. STUPID PEOPLE are the problem... NAT'ing things that should be left isolated, and giving internet access to junk that doesn't even need to be connected privately. (and then there's the BS of UPNP. Sure, let's let any f'ing thing on the network make whatever holes it wants through the "firewall")

Comment Re:Ineffective (Score 1) 336

quickly becoming obsolete anyway

Not obsolete, per se, just ineffective. If you can get 100,000 devices to make 100 DNS queries per second, that's 10mil packets per second. There's little need to hide where they're coming from. Even if some of them get shutdown, there are plenty more out there. Too damned many things that have no reason to be "connected" are sitting on the internet. There's zero security in their design, zero security in their setup, zero security in their use, and no g** d*** reason for them to be talking to the rest of the internet. It's even better when you look at the shear volume of abandonware there is -- that cool networked thermostat [printer, coffee mug, etc] you bought last month? No longer the current model, and no longer supported (and never was.)

Comment Re:Ineffective (Score 1) 336

I suspect your "customers" need to find better ISPs -- i.e. stop running their business via a residential service. 200 almost identical pdf attached emails all at once is certainly going to raise a flag. To a residential ISP, it's simply 200 all at once that triggers action. Either run your own mail server on a true business line (TWC-BC ain't it) or pay someone else to host your email, and never relay anything through the ISP server(s). That does mean having your own domain and looking like a real company instead of "".

Comment Re:Ineffective (Score 1) 336

BCP38 is useless in these cases ...

Except for tracking back the infected devices. Or put another way, being able to trace back where the traffic is coming from to place filters where they would be most effective. DDOS attacks tend to me far less distributed than the name implies. Also, ultimately removing the infestation from those source networks/machines.

and in contrast to the claims of these articles, are already widely deployed.

*sigh* Except THEY. AREN'T. The last time I checked (a few years ago), none of my providers limited the source of my traffic. Earthlink, TWC, VZB, TWTC (now L3), ...

Comment Re:Ineffective (Score 1) 336

Actually, it adds a measurable cost. Something has to generate a password, print it on a label, burn it into the device, and then get it on the case. The biggest issue is getting the manufacturing chain re-tooled to do it. There's already a serial number doing all that, so the SN logically becomes that "random password". Given the MAC and SN are related numbers, it makes for a bad password.

And after all that work, the new owner sets a bad password. A device with complex password requirements will get returned in favor of one that doesn't preach bullshit to the user. (the more complicated you force a password to be, the LESS secure the password will actually be. How many times have I seen people use P@s5word or P@ssw0rd?)

Slashdot Top Deals

For large values of one, one equals two, for small values of two.