Russian Cyber-attacks

Mike O'Dell mo at ccr.org
Wed May 23 20:35:36 CDT 2007


without addressing the specifics of this particular attack
(because i don't know any specifics), the "zombie bot armies",
of which there are many, number in the thousands of machines
each.  

the problem is not that there is just one path into Estonia,
but quite the opposite. it has good connectivity and that
means that there are multiple paths so that it's not
possible to turn off the "tube from Russia". the whole 
Internet was designed to avoid single points of failure.

what the Internet cannot do is impute intent on the part of
a packet sender. actually, nobody can do that in real time,
not just "the Internet". that's why dealing with these
attacks is very hard - one knows it's "evil" only in
retrospect. 

it's very likely the current attack is not "direct", but
indirect, or a so-called "Joe Job", wherein the attacks
are "bounced off" other systems to disguise the true 
origin. and with thousands of source systems, the
hail of packets can appear to come from all directions.
it's very, very tricky to identify the real origins.

there is work on identifying zombie armies and possibly
interdicting them, but it's not a trivial problem.

sigh

	-mo



