[AusNOG] NBN must avoid becoming 'failed state'

David Hughes david at hughes.com.au
Sun Sep 19 16:26:57 EST 2010


On 19/09/2010, at 11:55 AM, Mark Newton wrote:

> Given that the metric shedload is relatively easy to accumulate, 
> and that a sufficiently large botnet packs a wallop large enough to
> launch practically any attack EVEN IF all of its members are on 
> dialup, I'm not convinced that that makes any difference.

Clearly I'm doing a bad job of making my point here.  In the past and at present it takes a botnet to cause any significant impact.  With a 40mbps outbound channel 2 teenage kids could take out most web sites with their home connections.  I reckon the relationship between "available bandwidth" and "sophistication required to DoS a target" is inversely proportional.


> A single NBN attached machine doing that will be shut down in a 
> New York minute.

Why?  The ISP isn't going to be proactive as it's just a client using all their outbound.  Like that doesn't happen these days with the widespread use of torrents etc.  So when the web property owner realises that they are off the air then the "New York Minute" will start - well, once you get through a few layers of helpdesk people who don't know what you are talking about.  So for an average company they could easily be off the air for a week because it's unlikely they'll be constantly visiting their own site.  Given my more than cursory understanding of the average hosting company, they won't do anything until the client complains.  They'll just bill the excess traffic.


> The only reason DoS attacks work is because the originator of the
> attack is unknown.  Turning it into a known source address attack
> definitively alters the threat model.

Correct - once the attack has been identified and reported to the hosting provider it can be easily mitigated.  So sophisticated attacks are required against sophisticated targets.  With a nice fat FTTH connection, unsophisticated attacks will work against unsophisticated targets.  We don't have that in our current environment.


David
...



