DDOS harmful to me?
September 13, 2005 7:14 AM   Subscribe

My Sysadmin blocks sites that are known targets of DDOS attacks, saying that there's a risk to us as well. I argued that I don't believe that to be so, I don't see how a site being the subject of a DOS attack can possibly harm me becausing I am browsing there. Am I wrong? Can a DDOS attack hurt my computer (or our network) in some way I don't know about?
posted by BlueScreen to Technology (10 answers total)
Generally, no, you shouldn't have to worry about surfing to a site that is DDoS'd regularly. However, perhaps your admin thinks that if this site is a regular target for attacks, other attacks besides a DDoS may be successful in the future. And yes, it is possible for you to surf to a site that is "owned" and accidentally bring trouble to your company, whether it's by the accidental download of malicious code, cross site scripting, or even making your company a new target just by going to the site and leaving your IP address in the logs.

So these and other possibilities can be a bit of stretch, but s/he is not totally off-the-wall
posted by poppo at 7:28 AM on September 13, 2005

So these and other possibilities can be a bit of stretch, but s/he is not totally off-the-wall

Oh, I disagree. Everything you mentioned is a casual danger just by surfing the net in general, irrespective of the server-in-question's victim status in repeated DDoS attacks. By the Sysadmin's rationale, he shoud just close off all outgoing ports on the firewall, and sit in the dark.

I always tell my clients, people in my office, random people off the street, people I call at 2am (etc): The internet is like the wild west. If you leave your house without your six-shooter, you're just asking for it.
posted by thanotopsis at 8:37 AM on September 13, 2005

Oh, I disagree.

I'm not defending the Sys Admin, just trying to come up with rationalizations for his/her decision.
posted by poppo at 8:52 AM on September 13, 2005

In fact, Thano, I think we're in complete agreement. The internet is a dangerous place. The question BlueScreen asked was "Can my computer be harmed by this?" Answer is no, not technically by the DDoS itself, but here are x, y, and z that your Sys Admin may be thinking about.
posted by poppo at 9:16 AM on September 13, 2005

but here are x, y, and z that your Sys Admin may be thinking about.

My point is that the SysAdmin doesn't get that excuse. He should be thinking about that for all sites. If that scares him to the degree that he needs to block those sites, then he needs to block all of them. Seeing as that's a ridiculous scenario, blocking those sites that he has already (for the reasons he's given) seems equally ridiculous.
posted by thanotopsis at 9:44 AM on September 13, 2005

Sounds like your sysadmin should read Bruce Schneier's book on managing risk.

Blocking known DDoS targets may reduce your risk (basically in the way poppo described: a known DDoS target is probably also the target of other types of attacks, one of which could include a component that owns browsers that visit the web site). But every computer on the Internet is the target of attacks like that, in the form of worms, so it's not clear why DDoS targets should be a special case.

In fact, you could argue that since a DDoS target is going to be offline more than other sites -- the DoS in DDoS does stand for "Denial of Service" after all -- they would be a safer site to surf to, since it might take a little longer to get infected when a worm starts going around.

You're putting up with a large inconvenience (not being able to access these web sites -- Yahoo, Amazon and Microsoft are all, or have been, DDoS targets -- have they been blocked?) in return for little to no reduction in risk.
posted by event at 9:57 AM on September 13, 2005

well said
posted by poppo at 10:20 AM on September 13, 2005

IMHO, the SysAdmin isn't thinking it through. The fact that a site has been attacked doesn't somehow make it a "carrier" of DDoS.

This sort of thinking occurs with purebread dogs. If a purebred female is impregnated by a mutt, she is considered to be "polluted," and her offspring can no longer be called purebred, even if she is bred to a purebred male. (The same thing happens with breeding stock cattle.)

It just ain't so.
posted by KRS at 10:38 AM on September 13, 2005

Could your SysAdmin be blocking the sites because he doesn't want his computers contributing to a DDoS attack? Perhaps his thinking is, if one of my PCs gets owned it will be less of a problem if it can't participate in the DDoS attack that it is programmed to participate in.
posted by HiddenInput at 11:12 AM on September 13, 2005

Speaking as a sysadmin who has been doing it professionally for 14 years (good god..where has my life gone?), your sysadmin is on crack. There's no more danger from a site that gets DDoS'd lots than any other site, as others have put forward here.
posted by Kickstart70 at 4:13 PM on September 13, 2005

« Older Sports watch & formal clothing   |   Web 2.0 Disaster Relief Effort Newer »
This thread is closed to new comments.