Comment by smt88

3 months ago

It's impossible to stop DDoS attacks because of the first "D".

If a botnet gets access through 500k IP addresses belonging to home users around the world, there's no way you could have prepared yourself ahead of time.

The only real solution is to drastically increase regulation around security updates for consumer hardware.

Maybe that's the case, but it seems like this conclusion is based on the current architecture of the internet. Maybe there are ways of changing it that mean these issues are not a thing!

  • It's not an architectural problem. It's a fundamental issue with trust and distributed systems. The same issues occur in physical spaces, like highways.

    The core issue is that hackers can steal the "identity" of internet customers at scale, not that the internet allows unauthenticated traffic.

    • > The core issue is that hackers can steal the "identity" of internet customers at scale

      That's on one end, right? There's also the other end: as a user connecting to the network, currently one is subscribing to receiving packets from literally everyone else on the internet.

      > It's a fundamental issue with trust and distributed systems

      We currently trust entities within the network to route packets as they are asked. The network can tolerate some level of bad actors within that, but there is still trust in the existing system. What if the things we trusted the network to do were to change slightly?

Do the IP addresses botnet members get logged? Could those IP addresses be automatically blocked by DNS until they fix their machine?

  • IP addresses aren't unique or stable. You can't use them to identify individual devices.

  • Let's say your Samsung fridge gets hacked and is now a member of a botnet. How do you detect that before the botnet does something?

    • Why does a fridge need to have rights to initiate a connection to something on the internet?

      Why does a fridge need to even be reachable from the internet?? You should have some AI agent for managing your "smart" home. At least that's how sci-fi movies/games show it, e.g. Iron Man or Starcraft II ;)


    • I was thinking of a reaction to a DDoS event, so those devices are flagged as being infected. You could prevent future attacks if those devices are ignored until they get fixed.
