Comment by seiferteric
4 years ago
Why is DDoS still possible? It is possible for ISPs to stop this. There is a proposal for ISP-level blocking of spoofed source addresses. Also there should be something like an API where I can tell my ISP that I don't want to receive any more packets from a given source, and it should be propagated up the chain.
The key is in the first D: "distributed." A DDoS is designed to look just like legitimate traffic, but coming from many sources all at once. The goal of a successful attack is to both overwhelm the target network by sheer volume, and to make it difficult to stop the attacker without also blocking legitimate traffic. They persist in large part because they exploit the interconnectivity that makes the internet useful in the first place, without which it would cease to be.
The firewall can't tell what is legitimate traffic and what looks like legitimate traffic, but the application often can. This is what DOTS is trying to cover: let the application server tell the firewall whom to allow or block in real time.
https://www.rfc-editor.org/rfc/rfc8782.html
It depends; some attacks rely on spoofing the source address. This should not be possible and is easily detectable by ISPs as illegitimate traffic. As for my other suggestion, it would be a user-accessible API. Whoever controls an IP should be able to instruct their ISP what is/isn't legit traffic, so the ISP does not have to know anything.
This is a nice read https://blog.cloudflare.com/the-root-cause-of-large-ddos-ip-...
It is indeed possible for ISPs to stop this, but my guess is that it's cheaper not to :) Large ISPs could require egress filtering for peering with them.
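The "egress filtering" the comment above refers to is the BCP 38 / RFC 3704 source-address validation an ISP applies at its customer edge, and the spoofing detection the earlier reply calls "easily detectable" is the same check. The following is an added example, not code from the thread or from any ISP's equipment: a toy FIB and a strict and loose uRPF check over a few constructed packets. The interface names, prefixes, and the policy of not counting the default route as proof of reachability are assumptions made here for illustration.

```python
"""Toy BCP 38 / uRPF source-address validation.

Added example (not from the thread). Assumptions, not from the original post:
a small FIB keyed by prefix, packets as (ingress_interface, src, dst) tuples,
and the default route not counting as a valid reverse path.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]

# Constructed FIB (assumed topology): prefix -> interface the prefix is reached through.
FIB: Dict[str, str] = {
    "203.0.113.0/24": "cust1",     # prefix assigned to customer 1
    "198.51.100.0/24": "cust2",    # prefix assigned to customer 2
    "192.0.2.0/24": "cust3",       # prefix assigned to customer 3
    "0.0.0.0/0": "upstream",       # default route towards transit
}

_ROUTES: List[Route] = [(ipaddress.ip_network(p), i) for p, i in FIB.items()]

# Constructed sample packets: (ingress interface, source IP, destination IP).
SAMPLE_PACKETS = [
    ("cust1", "203.0.113.10", "198.51.100.5"),   # legitimate: cust1 uses its own prefix
    ("cust1", "198.51.100.7", "203.0.113.1"),    # spoofed: cust1 claims cust2's address
    ("cust1", "10.0.0.1", "203.0.113.1"),        # spoofed: bogon source, only default route matches
    ("upstream", "8.8.8.8", "203.0.113.1"),      # transit traffic, reached via default route
    ("upstream", "203.0.113.9", "203.0.113.1"),  # spoofed from outside: claims our customer's address
]


def lookup(addr: str) -> Optional[Route]:
    """Longest-prefix match of addr against the FIB; None if nothing matches."""
    ip = ipaddress.ip_address(addr)
    best: Optional[Route] = None
    for net, iface in _ROUTES:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def strict_urpf(ingress: str, src: str) -> bool:
    """Strict uRPF: the best route back to src must point at the ingress interface.

    This is what an ISP would apply on single-homed customer ports; it drops
    any packet whose source the customer was not assigned.
    """
    route = lookup(src)
    return route is not None and route[1] == ingress


def loose_urpf(ingress: str, src: str) -> bool:
    """Loose uRPF: src only needs some route in the FIB, on any interface.

    Assumed policy: the default route does not count, so unrouted bogon
    sources are still dropped, but one customer spoofing another passes.
    """
    route = lookup(src)
    return route is not None and route[0].prefixlen > 0


def filter_packets(packets, mode: str = "strict"):
    """Return [(packet, accepted)] for each packet under the chosen check."""
    check = strict_urpf if mode == "strict" else loose_urpf
    return [(pkt, check(pkt[0], pkt[1])) for pkt in packets]


if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(f"== {mode} uRPF ==")
        for (iface, src, dst), ok in filter_packets(SAMPLE_PACKETS, mode):
            print(f"{iface:9} {src:>14} -> {dst:<14} {'ACCEPT' if ok else 'DROP'}")
```

Strict mode drops both spoofed packets from cust1 and the packet from transit that claims a customer address; loose mode only catches the bogon source, which is why loose uRPF alone does not stop customers spoofing each other's prefixes.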
I could see this argument maybe 10+ years ago, but we are almost at a crisis level with internet security with all the stuff happening. Legislation should be passed if needed to mandate this technology.
100% agree with you. We gave the ISPs more than enough time to get this under control, yet they don't seem to want to bear any cost in preventing what are essentially crimes (though as shown in the blog post, cybercrimes are seen as a bit of a joke unless they cause monetary damages) taking place on their networks. If they are not willing to self-regulate, it's the government's job to regulate them.
That exists: DOTS: https://www.rfc-editor.org/rfc/rfc8783.html