[AusNOG] NBN must avoid becoming 'failed state'
Andrew Fort
afort at choqolat.org
Sat Sep 18 21:22:58 EST 2010
On Sat, Sep 18, 2010 at 9:09 PM, David Hughes <david at hughes.com.au> wrote:
>>
>> Didn't really happen. Speaking holistically, it's hard to argue that the
>> state of the security art is any worse now than it's ever been.
>
> Can't say I can agree with that Mark. I reckon it did happen. In the days of Dial-up, the outbound capability of the average compromised machines was so limited that the target of a DoS attack was pretty much restricted to other dial-up clients. V.90 only gave you 33k outbound so you'd need a metric shedload of compromised machines to do any significant damage to a well connected content source.
>
> With the advent of ADSL, the dramatically increased outbound capacity means that a botnet can now have a pretty good crack at a tier-1 web property or the root nameservers. Take that to an NBN environment and you have gone for a 20:1 outbound ratio at 20mbps to a 2.5:1 ratio at 100mbps. I'd suggest that even a single NBN attached machine could do significant damage to an "average" web site.
>
And now that you can "kill anyone" with fewer bots, you just increased
the value of the botherders' assets. E.g., if I only need 5000
machines instead of 50k for a "single unit of pwn", I have 90% of my
infrastructure idle for making me more money. I'm assuming the market
has sufficient demand for additional DDoS, but the point is any
additional packet-per-second makes the herders more money. As we
know, Ethernet networks are generally very effective at delivering
line-rate. So expect DDoS to put heavy pressure on the G[x]PON OLTs.
> So I stand by my autobahn analogy. The problem has always existed. But at higher speeds it's just more dramatic (or a dramatic outcome is much easier to achieve).
I think you're 100% right - the botherders will follow the money, and
they'll come to the NBN like they have to other hyper connected
societies, because it makes them more money to do so. I read that as
Roland's message.
I'd like to see the NBNco talk about rate-limiting and other tactical
measures (such as temporary ACLs, pushback-like approaches and so on),
that can be triggered by RSPs via the API, as a way of rapidly
reducing the economic value of the end hosts attached to the NBN for
bot herders. That'd be something they could be really proud of, I
reckon.
-a