Post a comment

Story: Symbiot launches DDoS counter-strike tool

Hey all. I'm Tommy, AKA Silicon Valey. I think this is an April Fools joke and the writer is either in on it or was taken for a ride. Other than the countdown pointing to the obvious approximation, here are a few sound reasons....

I say this given my background of having worked in a major NOC in Silicon Valley, San Mateo, CA to be exact. At that location at or near the top of the food chain, you can study data that reveal the closing and opening of ports as the mathematical or theoretical limit of a system is reached. It's pretty cool when you first see the data...but in real time firing back? I do not think so. This image of a classifiable type of warfare, linear and definable as having come from a singular opponent does not occur except by morons who are easily caught. Unless stated outright by an opponent an attack-response will require verifiable evidence that an attack is taking place by the opponent through their own will, which can only be discovered through a call to the NOC of the opponent, obtaining that verification or the lack thereof and your corporation shutting off _the_ router or switch port causing the trouble. Shutting off the nodes/ports in question are performed through access to trusty APC MasterSwitch Plus Web SNMP or other hardware that gain acces though aux ports or dialup and are never in the line of fire. You wouldn't even need to get out of the NOC console chair to reboot half the Internet. This is the main reason why in my opinion this is an April Fools joke. Attacking any system would cause the response no matter how measured to cause you to use your own bandwidth up or bandwidth that you do not own and will soon be litigated to pay for having disrupted! That is not what you want to do. You would be flooding your own and every other parties switch and router ports on the way to the target! Doh! You want your own systems to communicate within the geographical area that you have control of.

If the attack is inside your own LAN or WAN area and you have to gain control over it...that is an interesting problem and one that research has been done on. You might try switching the heartbeat of the LAN/WAN on and off temporarily until you can locate the nodes or systems that are causing the problem, all the while shielding the DNS and TLD systems.

The worm wars are waging because the cover afforded is valuable, and the property involved given the distribution and nearness to likely targets is valuable. Sort of like trying to buy a nice property at the seaside. The view is great. The proponents of that game are vying for the free ride, which given the outcomes will certainly give them great distributed systems located on LANs from which to wage attacks on systems and resources on the WAN/Internet. A single system for defensive or offensive work is hogwash. It takes hundreds if not thousands of systems working in a coordinated manner at or near the nodes of opportunity in order to play the game.

At this time I cannot foresee the justifiable use of the system being rolled out. Small bandwidth players will be locked out of the fray just as they were on "Sept 11." You need fat OC pipes just to be able to see the end of the first node when all heck breaks loose, systems located on thousands of nodes reporting back to you and a means of resetting ports on switches and routers up and down the entire segment(or multiple segments) that are not in the line of fire or are waiting to be lit up when needed. This is if you want to be able to respond in time by shutting down the nodes leading to your systems. The only people that any of this makes any sense for are Tier 1, backbone providers, purchasers of those systems and governments who may engage in the battle first by closing nodes...not flodding them with their own packets. Given the state of the art in these areas smaller pipes computing systems will be relegated to distributed DoS where they can provide the most damage in tight

Full Talkback thread