Anti-DDOS Alliance In The Works? 145
Rackemup writes: "This article on ZDNET says McAfee and some anti-DDOS vendors are finally teaming up to address DDOS attacks and Code-Red-like network scanning. Seems like they're finally catching on that a purely reactive approach to Internet and virus attacks isn't going to cut it anymore, even after all the media coverage of these latest virus attacks there are still loads of zombie machines out there merrily scanning away, looking for others to infect."
The hardware companies need to be involved too (Score:3, Interesting)
Imagine if routers could be dynamically updated to intelligently scan traffic for DDOS attack patterns and block these before any host in the internal network even sees it.
MIT has done a lot of work in this area of "Active Networking".
Accepting responsibility might help! (Score:2, Interesting)
The problem is rooted much deeper than you might think. People are simply not going to upgrade software out of security reasons. They don't care about anything as long as the software keeps working.
People should be held accountable for bad security, this is the only way to get them to friggin secure their internet connected boxes and thereby dramatically reducing the chance that a worm will ever reach proportions like Code Red II again..
The first thing people tell me when I try to convince them they need to keep up with security patches is that they "don't have anything interesting for a cracker to find"(TM). But they forget that if their servers get cracked into, the first thing the cracker is going to do is crack other boxes from there. So by not securing your internet connected boxes u are actually helping crackers(or worms) crack more and more boxes without anyone being able to trace them.
Worms like code red are just the beginning, I have already made a worm concept that will be far worse than Code Red II. Just add some P2P like networking between the compromised systems and u can actually make the worm aware of itself, by making it react if large numbers of hosts are being disconnected by starting to spread again. Even anonymous communication with the worm is possible through means of something like Freenet, and by communicating with the worm someone could feed new ip-ranges to scan or even upgrade the worm to use new exploits. Someone could have (close) to realtime control of hundreds of thousands of internet connected boxes. This is just a simple example of what a well written worm can do, and it will be practically unstoppable.
So instead of being one step behind all the time maybe it's time for some regulation here. If your box gets cracked using an exploit that has been patched over say... six months ago (whether it be done by a worm *or* a cracker), then you *should* be held accountable for the damage your system causes. It's just plain irresponsible to keep an insecure box connected to the internet, and if people won't use their common sense and thereby cousing problems for other innocent people they deserve getting in trouble.
pfew... end rant here...
--
Heisenberg could have been here...