
benjojo posted 17 Nov 2024 17:13 +0000

In the continuing tradition of "everything is AI", apparently DDoS attacks smarter than a cURL in a while(true){} loop are now AI, according to this Nokia slide deck

The idea that botnets are a 2020 thing is an insane assertion to put on a slide deck that is trying to sell people who have DDoS problems mitigation appliances.

There is a conundrum with these kinds of talks, because they are almost always conference sponsor talks. I feel a weird obligation to not call out the insane stuff in their slides, but also. This is such a warped reality being presented. gah.

A Nokia slide that says the following:

DDoS also has evolved over time

(Spoofed)
Small number of compromised machines generating spoofed traffic to victim or via misconfigured DNS, NTP, Memcache servers
Blocked on scrubber using SYN-cookie, port / protocol / packet size access control lists (ACLs) or policers
Mostly amateur/script-based and commercial booter web sites

2020-2024 (Botnet)
Thousands of compromised IoT botnet devices generating traffic floods or sending realistic HTTP/DNS/VoIP requests to servers. GigE symmetric rollouts.
Difficult to mitigate using traditional DDoS mitigation appliances
Criminal gangs / state-affiliated actors

2024+ (AI)
Millions or hundreds of thousands of residential proxies, compromised IoT sending realistic HTTP/DNS/VoIP requests to servers
High automation and attack variability. Both microburst and long-lived.
Criminal gangs / state-affiliated actors