
RE: IPSEC Security Gateways & NAT



David Chen writes:

 > One idea to deter/defend against a DOS attack is that the attacker
 > (initiator) will use more computing resource than the responder.

But sometimes the attacking person doesn't care.  Imagine these scenarios:

 - The attacker's CPU horsepower is greater than yours, by enough that he
can drown you out without affecting too much whatever else he wants to do.
This could be either because he has a much faster system, or because he has
several systems attacking yours at once (i.e., a *Distributed* Denial of
Service Attack).

 - The attacking *system* (or group thereof) is not the property of the
attacking *person*, so the person doesn't care.  This is generally the case
in a DDoS attack, launched via a number of zombies, and often the case in
others, just for track-covering purposes.

 - The attacking system (or group thereof) is in fact a secondary *victim*
of the attacking person, so the person is even *happy* that the attacking
system is using up its CPU horsepower.

 - Lastly, don't forget the non-technical aspects.  Maybe the attacker
simply doesn't have anything better to do with his time.  (Mainly CPU time,
but I suspect many skr1pt k1dd13s have nothing better to do with their
real-world time!)  He can thus essentially subtract his CPU horsepower (or a
significant fraction thereof) from yours, without really being bothered; in
fact, he may find it entertaining, at least more so than homework.

-- 
Dave Aronson, Sysop of free public Fidonet BBS Air 'n Sun, +1-703-319-0714.
Opinions all MINE, not by Cryptek/NRA/SCA/Mensa/HWG/LPUSA/CAUCE/FedGov/God!
See my web site, at http://listen.to/davearonson (last updated 2001-06-27).
Device-driver proggers: see http://www.cryptek.com and send me your resume!