On Sun, 2002-06-30 at 19:40, Carlo Wood wrote:
> You guys seem to never have had to deal with with REAL flooders.
> Being part of the organization of undernet I've ONLY run into
> real flooders, and then we talk about people taking down servers
> or complete ISPs. These are the ddos attacks, they come from
> a few hunderd hacked accounts are all spoofed preferably. There
> is nothing you can do about it, including the fbi (who doesn't
> "have time" for things like that). The company that hosted Uworld
> on undernet has been under attack for a few *months*, totally
> blocking all internet traffic for the whole company causing for
> 100,000 $$$ of damage. Stopping these kind of attacks "at the
> router" doesn't help. In this case the *uplink* (the big backbone)
> had to install filters. Catching idiots that do these things
> takes a few thousand man hour.
I have to say, I was also surprised by the total lack of flooder/kiddie
> ddos-ing is a fact, and if we start to hide hostnames but we
> don't do it RIGHT the first time, then I am afraid that huge
> ddossing will become more and more common.
Yeah, but your solution could be <numnick>.<isphash>.<tld> or is
numnicks secrecy needed?
> The "solution" for undernet has been to hide all HUBs (nobody
> knows where they are) and to put all services (X/W, Uworld)
> in a distributed manner on the HUBs (thus, even if when a HUB
> goes down; the services still continue to work by silently
> switching to another). Further more the map of servers has
> been hidden and it is no longer possible to see on which
> server a particular user is connected. This seems to help.
Yeah, you'd think that timestamping would help and make kiddies not care
about stuff like that, but NOOO they have a bigger idea lets just kill
the server the user is on.. =/
I mean taking a server out on ircnet would amount to something, A real
nice protocol like ircu would prevent that if it... EVER links again..