On the Topic Of ‘Stopping’ DDoS.
The insufferable fatigue of imprecise language with respect to “stopping” DDoS attacks caused me to tweet something that my pal @CSOAndy suggested was just as pedantic and wrong as that against which I railed:
I think it's fair to say that you can't "stop" a DDoS attack unless you can dispatch the endpoints used for its bidding. "Weather," perhaps
— Hoff (@Beaker) March 11, 2014
The long and short of Andy’s displeasure with my comment was:
@Beaker in the same way you can’t “stop” a punch by blocking it?
— Andy Ellis (@csoandy) March 11, 2014
to which I responded:
RT @csoandy: @Beaker in the same way you can’t “stop” a punch by blocking it? < You deflect it. You didn't "stop" it OR prevent another…
— Hoff (@Beaker) March 11, 2014
…and then…
@Beaker an attack goes from point A to point B. If you intercept an halt it en route, you have stopped it.
— Andy Ellis (@csoandy) March 11, 2014
My point, ultimately, is that in the context of DDoS mitigation such as offload scrubbing services, unless one renders the attacker(s) from generating traffic, the attack is not “stopped.” If a scrubbing service redirects traffic and absorbs it, and the attacker continues to send packets, the “attack” continues because the attacker has not been stopped — he/she/they have been redirected.
Now, has the OUTCOME changed? Absolutely. Has the intended victim possibly been spared the resultant denial of service? Quite possibly. Could there even now possibly be extra “space in the pipe?” Uh huh.
Has the attack “stopped” or ceased? Nope. Not until the spice stops flowing.
Nuance? Pedantry? Sure.
Wrong? I don’t think so.
/Hoff
*** This is a Security Bloggers Network syndicated blog from Rational Survivability authored by beaker. Read the original post at: https://www.rationalsurvivability.com/blog/2014/03/on-the-topic-of-stopping-ddos/