Readit News
scrpl commented on The novel HTTP/2 'Rapid Reset' DDoS attack (cloud.google.com/blog/pro...) · Posted by u/jsnell
cmeacham98 · 2 years ago
The point I'm trying to make is that "small" protocols aren't less likely to be DDoS vectors.

Avoiding designing in DDoS relay/amplification vectors requires luck or intention, not just making the protocol small.

scrpl · 2 years ago
Small, less complex protocols are inherently less likely to be insecure, all things being equal, simply due to reduced attack surface.

DNS was created for a different environment, at a time when security wasn't at the forefront, so it's not a good example of the opposite.

scrpl commented on The novel HTTP/2 'Rapid Reset' DDoS attack (cloud.google.com/blog/pro...) · Posted by u/jsnell
cmeacham98 · 2 years ago
DNS is a small protocol and is abused by DDoS actors worldwide for relay attacks.
scrpl · 2 years ago
DNS is from 1983; give it some slack.
scrpl commented on The novel HTTP/2 'Rapid Reset' DDoS attack (cloud.google.com/blog/pro...) · Posted by u/jsnell
scrpl · 2 years ago
Another reason to keep foundational protocols small. HTTP/2 has been around for more than a decade (including SPDY), and this is the first time this attack type has surfaced. I wonder what surprises HTTP/3 and QUIC hide...
scrpl commented on The largest DDoS attack to date, peaking above 398M rps (cloud.google.com/blog/pro...) · Posted by u/tomzur
dmm · 2 years ago
Block the whole subnet and make it the ISP's problem?
scrpl · 2 years ago
I'm sure Comcast is terrified that their users won't be able to read my blog.
scrpl commented on The largest DDoS attack to date, peaking above 398M rps (cloud.google.com/blog/pro...) · Posted by u/tomzur
nine_k · 2 years ago
Not as bad as one may think. It's proper feedback which can be acted upon.

Every reasonable connectivity provider would pay attention to this info, or face intense complaints from its users with shared and dynamic IPs. It would identify sources of attacks, and block them at a higher granularity level, reporting that the range has been cleared. (If a provider lied, everyone would stop believing it, and the disgruntled customers would leave it.)

For shared hosting providers it would mean blocking specific user accounts using a firewall, notifying users, and maybe even selling cleanup services.

For home internet users, it also would mean blocking specific users, contacting them, helping them identify the infected machine at home.

It would massively drive patching of old router firmware which is often cracked and infected. Same for IoT stuff, infected PCs, malicious apps on phones, etc. There would be an incentive to stay clean.

scrpl · 2 years ago
If the one doing the blocking is not at FAANG it would do nothing of the sort. And FAANG benefit from DDoS by getting people into their walled cloud gardens.
scrpl commented on The largest DDoS attack to date, peaking above 398M rps (cloud.google.com/blog/pro...) · Posted by u/tomzur
DanielBMarkham · 2 years ago
Why don't we just require major providers to provide a real-time list of IPs that are attacking, so that we can drop them in a block list with an expiration date of a month or so?

If your computer is infected, I don't want to talk to you for a month. If it continues to be infected, I might up that to a year, or permanently ban you.

It's your problem. Go fix it.

scrpl · 2 years ago
Great solution for a world without shared and dynamic IPs.
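The escalating, expiring block list proposed in this thread (a month, then a year, then permanent) and the shared/dynamic-IP objection to it, worked through as an added example. This is not code from the thread or from any of the linked posts; the ladder lengths, the reference time and the address 198.51.100.23 (a documentation-range address) are constructed for the demonstration.

```python
from datetime import datetime, timedelta
from typing import Dict, Optional, Tuple

# Escalation ladder as described in the thread: a month, then a year,
# then a permanent entry (None = never expires). Constructed values.
ESCALATION = [timedelta(days=30), timedelta(days=365), None]


class ExpiringBlocklist:
    """Source-IP block list with expiring entries and escalating bans on repeat reports."""

    def __init__(self) -> None:
        # ip -> (number of reports so far, expiry; None means permanent)
        self._entries: Dict[str, Tuple[int, Optional[datetime]]] = {}

    def report(self, ip: str, now: datetime) -> Optional[datetime]:
        """Record an attack report for ip and return the new expiry (None = permanent)."""
        strikes, _ = self._entries.get(ip, (0, None))
        strikes = min(strikes + 1, len(ESCALATION))
        duration = ESCALATION[strikes - 1]
        expiry = None if duration is None else now + duration
        self._entries[ip] = (strikes, expiry)
        return expiry

    def strikes(self, ip: str) -> int:
        """How many times ip has been reported (kept across expiries so bans escalate)."""
        return self._entries.get(ip, (0, None))[0]

    def is_blocked(self, ip: str, now: datetime) -> bool:
        """True while an entry is active; expired entries stop blocking but keep their strikes."""
        entry = self._entries.get(ip)
        if entry is None:
            return False
        _, expiry = entry
        return expiry is None or now < expiry


def walkthrough() -> dict:
    """Drive the block list along a constructed timeline and return the observable outcomes."""
    bl = ExpiringBlocklist()
    t0 = datetime(2023, 10, 10)          # constructed reference time
    bot = "198.51.100.23"                # documentation-range address, constructed

    first = bl.report(bot, t0)                                    # 30-day block
    blocked_day_1 = bl.is_blocked(bot, t0 + timedelta(days=1))

    # The objection raised in the reply: the block keys on the address alone, so a
    # different subscriber handed 198.51.100.23 by DHCP (or sharing it behind CGNAT)
    # on day 2 is dropped exactly like the bot was.
    innocent_request_dropped = bl.is_blocked(bot, t0 + timedelta(days=2))

    blocked_day_31 = bl.is_blocked(bot, t0 + timedelta(days=31))  # month has expired
    second = bl.report(bot, t0 + timedelta(days=40))              # escalates to a year
    third = bl.report(bot, t0 + timedelta(days=500))              # escalates to permanent
    blocked_years_later = bl.is_blocked(bot, t0 + timedelta(days=3650))

    return {
        "first_block_days": (first - t0).days,
        "blocked_day_1": blocked_day_1,
        "innocent_request_dropped": innocent_request_dropped,
        "blocked_day_31": blocked_day_31,
        "second_block_days": (second - (t0 + timedelta(days=40))).days,
        "third_is_permanent": third is None,
        "blocked_years_later": blocked_years_later,
        "strikes": bl.strikes(bot),
    }


if __name__ == "__main__":
    for key, value in walkthrough().items():
        print(f"{key}: {value}")
```

The strike counter survives expiry on purpose, which is what makes the second report escalate to a year; the cost of that design is visible in the `innocent_request_dropped` result, since nothing in the list distinguishes the infected host from whoever holds the same address afterwards.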

u/scrpl · Karma: 75 · Cake day: November 4, 2021