DDOS harmful to me?
September 13, 2005 7:14 AM
My Sysadmin blocks sites that are known targets of DDOS attacks, saying that there's a risk to us as well. I argued that I don't believe that to be so; I don't see how a site being the subject of a DOS attack can possibly harm me because I am browsing there. Am I wrong? Can a DDOS attack hurt my computer (or our network) in some way I don't know about?
So these and other possibilities can be a bit of a stretch, but s/he is not totally off-the-wall.
Oh, I disagree. Everything you mentioned is a casual danger just by surfing the net in general, irrespective of the server-in-question's victim status in repeated DDoS attacks. By the Sysadmin's rationale, he should just close off all outgoing ports on the firewall, and sit in the dark.
I always tell my clients, people in my office, random people off the street, people I call at 2am (etc): The internet is like the wild west. If you leave your house without your six-shooter, you're just asking for it.
posted by thanotopsis at 8:37 AM on September 13, 2005
Oh, I disagree.
I'm not defending the Sys Admin, just trying to come up with rationalizations for his/her decision.
posted by poppo at 8:52 AM on September 13, 2005
In fact, Thano, I think we're in complete agreement. The internet is a dangerous place. The question BlueScreen asked was "Can my computer be harmed by this?" Answer is no, not technically by the DDoS itself, but here are x, y, and z that your Sys Admin may be thinking about.
posted by poppo at 9:16 AM on September 13, 2005
but here are x, y, and z that your Sys Admin may be thinking about.
My point is that the SysAdmin doesn't get that excuse. He should be thinking about that for all sites. If that scares him to the degree that he needs to block those sites, then he needs to block all of them. Seeing as that's a ridiculous scenario, blocking those sites that he has already (for the reasons he's given) seems equally ridiculous.
posted by thanotopsis at 9:44 AM on September 13, 2005
Sounds like your sysadmin should read Bruce Schneier's book on managing risk.
Blocking known DDoS targets may reduce your risk (basically in the way poppo described: a known DDoS target is probably also the target of other types of attacks, one of which could include a component that owns browsers that visit the web site). But every computer on the Internet is the target of attacks like that, in the form of worms, so it's not clear why DDoS targets should be a special case.
In fact, you could argue that since a DDoS target is going to be offline more than other sites -- the DoS in DDoS does stand for "Denial of Service" after all -- they would be a safer site to surf to, since it might take a little longer to get infected when a worm starts going around.
You're putting up with a large inconvenience (not being able to access these web sites -- Yahoo, Amazon and Microsoft are all, or have been, DDoS targets -- have they been blocked?) in return for little to no reduction in risk.
posted by event at 9:57 AM on September 13, 2005
IMHO, the SysAdmin isn't thinking it through. The fact that a site has been attacked doesn't somehow make it a "carrier" of DDoS.
This sort of thinking occurs with purebred dogs. If a purebred female is impregnated by a mutt, she is considered to be "polluted," and her offspring can no longer be called purebred, even if she is bred to a purebred male. (The same thing happens with breeding stock cattle.)
It just ain't so.
posted by KRS at 10:38 AM on September 13, 2005
Could your SysAdmin be blocking the sites because he doesn't want his computers contributing to a DDoS attack? Perhaps his thinking is, if one of my PCs gets owned it will be less of a problem if it can't participate in the DDoS attack that it is programmed to participate in.
posted by HiddenInput at 11:12 AM on September 13, 2005
Speaking as a sysadmin who has been doing it professionally for 14 years (good god... where has my life gone?), your sysadmin is on crack. There's no more danger from a site that gets DDoS'd lots than any other site, as others have put forward here.
posted by Kickstart70 at 4:13 PM on September 13, 2005
This thread is closed to new comments.
So these and other possibilities can be a bit of a stretch, but s/he is not totally off-the-wall.
posted by poppo at 7:28 AM on September 13, 2005