| Hehehe I'm busy uploading HD Video to Vimeo... just doing my part to help bog down the internet  . As soon as more digital cameras and HD camcorders get online, there is going to be a serious bandwith issues all over the place. You find out just how bad your upload bandwidth sucks. Its useless when it comes to HD video, even when coded with X.264. |
|
| A REAL Solution I'd like to make an analogy: Anyone, and I mean anyone, can get a drivers license. It doesn't mean they have taken the time to learn correct driving techniques, how to check tire pressure, when to adjust speed in inclement weather...or for that matter even give a shit that their ignorance might just kill you the next time they drive down the road.
The same is true of a vast, global, demographic of "computer" users. I'd like to propose a solution that would not prevent DDOS, but would certainly have an impact on this form of criminality.
I've run computers since the earliest days of the internet. Packet inspecting hardware routers were the earliest form of defense, and still are. As soon as the first reliable software firewalls became available I was on board.
If operating system developers and software firewall developers collaborated in developing code that informed a server as to the level of protection that the machine had ,or did not have, the server could then allow or deny access, by that machine, based upon it's threat level.
I realize there is little that can be done to stop the machines who's ignorant and/or doesn't give a shit owner has already allowed it to become a bot.
But from the point forward of implementing this type of self-checking system, it would not take the ignorant of this world very long to figure out that if they want access to internet then they best step up to the mark!
Regards,
Bubbaleone |
|
|
|
 yaplejPremium
join:2001-02-10
White City, OR | Its already out there. Its called NAC(Network Access Control) from Cisco, or NAP(Network Access Protection) from Microsoft. Both work with software on the PC, the access layer hardware, and a server to validate if a PC meets security policies before being allowed on a network. Its normally used for enterprise networks.
--
Open Source WAN Accelerator
»trafficsqueezer.sourceforge.net/ |
|
| yaplej, thanks for that info. What I'm talking about is initiating systems like these on a global infrastructure, not just private enterprise nets.
I love that the internet has always been a bastion for the freedom of speech, that from the beginning every effort has been made to not impose restrictive regulations on it's use.
However, there comes a time when the activities of a criminal minority begin to impinge upon the rights of the law-abiding majority, to such an extent, that there is no solution except much tougher regulation.
Regards,
Bubbaleone |
|
| reply to bubbaleone
said by bubbaleone:If operating system developers and software firewall developers collaborated in developing code that informed a server as to the level of protection that the machine had ,or did not have, the server could then allow or deny access, by that machine, based upon it's threat level. I don't think that would work. You're trusting the machine to truthfully report its condition. What makes you think that Russian mobsters wouldn't get trojans to make the computers under their control lie about themseles? Remember, we're talking about drug-pushers/extortionists/credit-card-identity-thieves/etc.
I'll give you an analogous situation. There are idiot webmasters whose websites "do not support other browsers". If I run the usaer-agent add-in for Firefox, I can set it to lie to webservers, and claim to be IE7. And Firefox actually does work on a lot of these sites.
Another example is when the a**holes at MSN deliberately looked for Opera7 and sent it a broken style-sheet, when Opera could render the regular IE style sheet just fine. See »www.theregister.co.uk/2003/02/06···browser/ Opera got around that by sending a fake user agent ("Oprah") to the webserver.
Same principle here. If you don't fully trust the remote machine not to be hostile, how can you trust a status report from that machine? |
|
