On 7 Jun 2001, at 16:30, Paul D. Robertson wrote: > On Thu, 7 Jun 2001, Zachary Uram wrote: > > > Hi Paul, > > > > So is DDoS attacks biggest security threat out there? > > No, most certainly intrusions are the biggest threat out there. > Stopping intrusions would naturally stop DDoS as well as other > attacks. Stopping intrusions *on every host in the wild* should prevent their being used as DDoS zombies. It wouldn't prevent them being used as smurfs -- you have to prevent source spoofing for that. Given that none of us, as far as I know, is in a position to fix every host in the wild, then if I harden a site against intrusions, does it become immune to DDoSes? NO, because the DDoS that takes my site off the air may be targetted at something I don't control: ISP routers, DNS root servers, Akamai cache servers, etc. It's not obvious to me that defending against intrusions does anything to protect me from DDoSes. (Okay, folks -- I'm setting myself up to learn something here. Teach me the error of my ways.) On the other hand, there's a sense in which a DDoS that prevents users from reaching my servers cannot knock me further down than zero. An actual intrusion, a compromise of sensitive medical data or credit card numbers or missile launch codes, has no such natural limit on how bad the damage can be.... David Gillett - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]