[AusNOG] NBN must avoid becoming 'failed state'
Mark Smith
nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Sun Sep 19 20:08:36 EST 2010
On Sun, 19 Sep 2010 16:26:57 +1000
David Hughes <david at hughes.com.au> wrote:
>
> On 19/09/2010, at 11:55 AM, Mark Newton wrote:
>
> > Given that the metric shedload is relatively easy to accumulate,
> > an that a sufficiently large botnet packs a wallop large enough to
> > launch practically any attack EVEN IF all of its members are on
> > dialup, I'm not convinced that that makes any difference.
>
> Clearly I'm doing a bad job of making my point here. In the past and at present it takes a botnet to cause any significant impact. With a 40mbps outbound channel 2 teenage kids could take out most web sites with their home connections. I reckon the relationship between "available bandwidth" and "sophistication required to DoS a target" is inversely proportional.
>
This discussion seems to be based on the premise that only the access
network speed is going to be upgraded.
>
> > A single NBN attached machine doing that will be shut down in a
> > New York minute.
>
> Why? The ISP isn't going to be proactive as it's just a client using all their outbound. Like that doesn't happen these days with the widespread use of torrents etc. So when the web property owner realises that they are off the air then the "New York Minute" will start - well, once you get through a few layers of helpdesk people who don't know what you are talking about. So for an average company they could easily be off the air for a week because it's unlikely they'll be constantly visit their own site. Given my more than cursory understanding of the average hosting company, they wont do anything until the client complains. They'll just bill the excess traffic.
>
>
> > The only reason DoS attacks work is because the originator of the
> > attack is unknown. Turning it into a known source address attack
> > definitively alters the threat model.
>
> Correct - once the attack has been identified and reported to the hosting provider it can be easily mitigated. So sophisticated attacks are required against sophisticated targets. With a nice fat FTTH connection, unsophisticated attacks will work against unsophisticated targets. We don't have that in our current environment.
>
>
> David
> ...
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list