NetEqualizer News Blog

I just read another article on DDOS attacks and how companies are being extorted.  As usual I am thinking way out of the box again.

Background on the mechanics of DDOS attack

The raw tools of  DDOS attacker are made possible by  the billions computing devices sitting around  the world attached  to the Internet.   A DDOS attacker probes constantly for computers to hack, and then once they have access to  several hundred or more in their control , they can point  them to any business, sending a storm of data requests jamming  Internet links from the outside. Think of a million people trying to cram into the door of your apartment all at once, you would be trapped inside.

I know first hand this can happen. I put some vulnerable poorly written HTML code on a home computer I was  testing with , and somebody found it , exploited the HTML code and turned it into an attacking computer.

The best and perhaps the only reliable way to stop a DDOS attack is to stop it at the source computers. The problem here is that these are privately owned and are maintained by people that usually have no idea that their computer has been hijacked.  The larger providers do have fairly sophisticated software to detect attacks coming from home users but obviously this is not working very well.

Despite how Orwellian this might sound , I am thinking that perhaps some government standard built into the line cards that connect to the Internet is where we will find a solution.    Okay, I can hear the groans and feel the tomatoes hitting my face , but before you pass judgment , remember these attacks are terroristic in nature. We debate heavily over gun control and the second amendment, and yet we sort of sit idly by and take  trillions in dollars of economic hits from internet terrorists.

A technical solution is quite feasible and here is how it would work. 

Most of the devices that connect computers to the Internet have mini computers built into them. These computers that handle the lowest level of communication are basically factory sealed at the time of manufacture. For example: the computer chips inside wireless Lan cards that connect you to the outside world, they have little factory sealed computer programs.

The footprint of a DDOS attack going out is much different than normal usage patterns and could be easily spotted and detected by the chip sets in these line cards.

The EPA regulates the smoke stacks on coal power plants and the emissions on cars to keep our air clean. The same precedent could be used to regulate any device that connects to the internet. It is absurd at the ease of which a few people can bring down entire multi billion dollar corporations. By inserting a simple logic  in the chip sets of consumer devices we could detect and disable DDOS attack attempts before they get going. In essence  we would remove the criminals tool set , perhaps entirely in a matter of a few years . The beauty of this proposal is that it would have no effect on the operating systems that computers use.  IOS , Linux, Windows would not require any updates, only the platforms that they run on.

I am likely about 10 years ahead of my time with this writing , but I suspect given the rise of DDOS attacks this may be a very viable solution. We’ll see when the dust settles.