[MUD-Dev] DDoS

Ola Fosheim Grøstad <o.f.grostad@notam.uio
Mon Apr 17 17:09:34 CEST 2000


J C Lawrence wrote:
> you (effective or not).  The generality you make about DoS attacks
> is so broad as to be meaningless.  It's like saying that IRC
> maintainers are talking about dropping the service because of net
> 'lag'.  Way too vague.

What I think is interesting is that free services based on volunteer
work are pulling their plugs because of ongoing negative creativity
(which they only find annoying and not interesting), not because of a
more static technical challenge (like lag).  The era where you could
code and put up a fairly simple public service may be gone...

There is an increasing number of jerks there and they are getting better
tools/knowledge; they have this as a hobby. Most MUD designers/admins do
not, so I am wondering what they are doing, or if they just "hope that
it will go away/forget about me"?? The moment you have to play catch-up
it may very well be too late (IRC).

> Further, competent SysAdms can secure their systems against most DoS
> attacks.  Some are difficult to secure against.  Some, to be
> properly defended against, require specific filtering rules to be put
> on the router immediately upstream of you (eg some versions of
> broadcast storms, certain packet floods etc) as defending against
> them is not a question of defending an individual system, but of
> defending your network.

I'm personally not very pragmatic when it comes to networks as I don't
have to deal with any admin aspect of them (yet).  What interests me
(beyond what MUD admins/designers actually experience/worry about) is
the design implications DDoS type attacks have for a MUD design. For
instance, how flexible are the filtering capabilities of routers? Can I
slack my own (server software) "defences" and leave certain things to
say the router?  Can I make my system more robust by choosing a
particular strategy (like using a particular topology in a distributed
system)?

One will basically have to assume that your enemy has access to the MUD
protocol specifics, and maybe even snoop packets sent to some users,
and thus can bypass some filtering schemes...

Datagram based protocol design is also an area where I haven't found
much guidance on the net. How do I make it effective, reliable, memory
efficient, bandwidth efficient, reasonably secure... What are the best
strategies, what are the options? :( I find it rather difficult to see
the full implications of a particular protocol design, and I don't want
it to be overly heterogeneous/complicated either...

I'd love to see somebody else's datagram protocol design (for MUDs, chat
services etc)!

> That, with a paired mass infusion of both untrained IRC server
> admins (who don't know how to secure their systems) and
> ScriptKiddies wannabes in recent years has made for rather a mess.

Well, it wasn't designed for this environment...

> This is one of the points where the adaptive defenses I mentioned
> before are coming in.  Given recent events and news stories, this is
> an area of some research.

I'd like to see some ideas on how to make DDoS less effective. If
scaling up (the attack) is what kills you, then maybe scaling up (the
number of nodes) is what will save you? (if done right)

--
Ola