Topic
o Victims for scenarios
  o Municipality
    o 911
      o PBX
        o Take out switch (using Internet)
        o Flood system with calls
      o Computer Aided Dispatch
        o IP connected
        o Sun SPARC system
        o 800 MHz
        o (Didn't catch how it could be attacked via Internet)
  o Financial services company
    o Traders use telephone, intranet, Internet, email to take orders
    o Disruption of communications delays/prevents trades
    o Take out firewall, take out mail servers, take out voice comms
  o Public service (DoL)
    o ID theft
o Attack targets/goals
  o Loss of availability of data
  o Theft of data
  o Alteration of data
  o Disruption of services (loss of communications)
o DoS attack
  o Point to point
    o Connection oriented (can trace back to last hop)
    o Connectionless (may be spoofed, more difficult/impossible to trace back)
    o What about stepping stones?
  o Distributed
    o Sheer number overwhelms defenses
    o Difficult/impossible to trace
    o Time to respond by all involved sites too long
  o Distributed-reflected
    o "Attacking" hosts are legitimate servers, performing as designed
    o Traceback much harder (must be started at reflectors)
o Responses
  o Block access locally?
  o Disrupt system remotely?
  o Disrupt network remotely?
  o Where do you launch counter-attack from?
  o How do you out-gun a large DDoS network?
o Time frames
  o Long (weeks/months)
  o Medium (days/weeks)
  o Short (minutes/hours)
  o Loss (as a function of time) - how quickly do things go south?
o Target intelligence (vulnerabilities, who is using, etc.)
  o Individual end points first?
  o All points en-route?
  o All hosts on target network?
o Why are we here in the first place?
  o Sexy, but not secure (web-based services)
  o Early adopter (VoIP)
  o Budget priorities (engineering over network infrastructure)
  o Monoculture with previously unknown vulnerability
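The DoS outline above distinguishes point-to-point (traceable to the last hop when connection-oriented, spoofable when connectionless), distributed, and distributed-reflected attacks, and notes that traceback of a reflected attack has to start at the reflectors. The script below is an added example written for this page, not part of the original notes: it takes netflow-style records (all constructed here) aimed at a victim and decides which of the three categories the traffic falls into and where an investigator would have to begin traceback. The reflector port list and the "many sources" threshold are assumptions for the example, not standards.

```python
"""
Added example (not from the original notes): classify traffic toward a
victim as point-to-point, distributed, or distributed-reflected DoS from
flow records, and report where traceback would have to start.

All flow records are constructed for illustration. REFLECTOR_PORTS and
MIN_DISTRIBUTED_SOURCES are assumed values, not standards.
"""
from collections import Counter
from dataclasses import dataclass

# UDP services commonly abused as reflectors (assumption for the example).
REFLECTOR_PORTS = {53, 123, 1900, 11211}
MIN_DISTRIBUTED_SOURCES = 10  # assumed threshold for "sheer number of sources"


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp" or "udp"
    packets: int
    tcp_flags: str = ""  # netflow-style flag letters, e.g. "S" for SYN-only


def classify_dos(flows, victim):
    """Return a dict describing the attack pattern against `victim`."""
    toward = [f for f in flows if f.dst == victim]
    if not toward:
        return {"category": "none", "traceback_start": None}

    total_pkts = sum(f.packets for f in toward)
    per_source = Counter()
    for f in toward:
        per_source[f.src] += f.packets

    # Reflected traffic consists of *responses* from legitimate servers:
    # UDP, with the service port as the source port. Traceback cannot start
    # at the victim's upstream; it must start at each reflector.
    reflected = [f for f in toward
                 if f.proto == "udp" and f.sport in REFLECTOR_PORTS]
    if sum(f.packets for f in reflected) > total_pkts / 2:
        return {"category": "distributed-reflected",
                "traceback_start": "each reflector (legitimate server)",
                "reflectors": sorted({f.src for f in reflected})}

    # Many distinct sources: every source network would have to cooperate.
    if len(per_source) >= MIN_DISTRIBUTED_SOURCES:
        return {"category": "distributed",
                "traceback_start": "every source network",
                "sources": len(per_source)}

    # Single dominant source. A completed TCP exchange (ACK seen) means the
    # sender really received our packets, so its address can be trusted
    # back to the last hop. SYN-only or UDP floods may carry spoofed sources.
    src, _ = per_source.most_common(1)[0]
    completed_tcp = any(f.proto == "tcp" and "A" in f.tcp_flags for f in toward)
    if completed_tcp:
        return {"category": "point-to-point",
                "traceback_start": "last hop (source address trustworthy)",
                "source": src, "source_spoofable": False}
    return {"category": "point-to-point",
            "traceback_start": "hop-by-hop upstream (source may be spoofed)",
            "source": src, "source_spoofable": True}


# Constructed sample traffic, using documentation address ranges.
VICTIM = "192.0.2.10"


def sample_syn_flood():
    return [Flow("198.18.0.77", 4444, VICTIM, 80, "tcp", 100000, "S")], VICTIM


def sample_http_flood():
    return [Flow("198.18.0.78", 51000, VICTIM, 80, "tcp", 20000, "SPA")], VICTIM


def sample_distributed_udp_flood():
    return [Flow(f"203.0.113.{i}", 40000 + i, VICTIM, 80, "udp", 1000)
            for i in range(1, 51)], VICTIM


def sample_dns_reflection():
    flows = [Flow(f"198.51.100.{i}", 53, VICTIM, 30000 + i, "udp", 5000)
             for i in range(1, 9)]
    flows.append(Flow("198.18.0.5", 52000, VICTIM, 443, "tcp", 200, "SPA"))
    return flows, VICTIM


if __name__ == "__main__":
    for name, sample in [("SYN flood", sample_syn_flood),
                         ("HTTP flood", sample_http_flood),
                         ("UDP flood", sample_distributed_udp_flood),
                         ("DNS reflection", sample_dns_reflection)]:
        print(name, "->", classify_dos(*sample()))
```

The classifier looks only at who sent the packets and on which ports; it deliberately does not try to answer the outline's "what about stepping stones?" question, because a compromised intermediary looks identical to a true source in flow data and can only be resolved by following the trail one hop further.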