SBN

On the Topic Of ‘Stopping’ DDoS.

The insufferable fatigue of imprecise language with respect to “stopping” DDoS attacks caused me to tweet something that my pal @CSOAndy suggested was just as pedantic and wrong as that against which I railed:

The long and short of Andy’s displeasure with my comment was:

to which I responded:

…and then…

My point, ultimately, is that in the context of DDoS mitigation such as offload scrubbing services, unless one renders the attacker(s) from generating traffic, the attack is not “stopped.”  If a scrubbing service redirects traffic and absorbs it, and the attacker continues to send packets, the “attack” continues because the attacker has not been stopped — he/she/they have been redirected.

Now, has the OUTCOME changed?  Absolutely.  Has the intended victim possibly been spared the resultant denial of service?  Quite possibly.  Could there even now possibly be extra “space in the pipe?” Uh huh.

Has the attack “stopped” or ceased?  Nope.  Not until the spice stops flowing.

Nuance?  Pedantry?  Sure.

Wrong?  I don’t think so.

/Hoff

*** This is a Security Bloggers Network syndicated blog from Rational Survivability authored by beaker. Read the original post at: https://www.rationalsurvivability.com/blog/2014/03/on-the-topic-of-stopping-ddos/