back to article FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert

The US government has recommended a series of steps that critical infrastructure operators should take to prevent distributed-denial-of-service (DDoS) attacks. Thursday's alert comes just days after the Feds warned about destructive cyber intrusions emanating from China, and also formed a water sector cybersecurity task force …

  1. amanfromMars 1 Silver badge

    Vapourware does not provide any realistic defence facilities

    And pimping the defence of the indefensible with the reprehensible is a bottomless moneypit more than just suggesting a lack of native home intelligence and zero comprehension of the wider resultant consequences in airing such a vulnerability so easily exploited and expanded for all manner of novel anonymous second and third party advantage and functional gain.

    Stupid is as stupid does though, and aint that a true fact that just cannot stop itself from constantly giving.

  2. Whitter
    Terminator

    Captcha

    Do captchas actually work these days?

    Last I heard, the bots were better at them than humans are.

  3. t245t Silver badge
    Facepalm

    Risk assessment of DDoS attacks against critical infrastructure

    Cisa: “The US government has recommended a series of steps that critical infrastructure operators should take to prevent distributed-denial-of-service (DDoS) attacks.

    “Risk Assessment, Network Monitoring, Traffic Analysis, Implement Captcha, Incident Response Plan, DDoS Mitigation Service, Bandwidth Capacity Planning, Load Balancing, Firewall Configuration”:

    t245t: And don't connect your critical infrastructure directly to the InterTUBES /s

  4. Anonymous Coward
    Anonymous Coward

    Prevent DDOS? Good Luck with that!

    Many bureaucrats (whether they claim cybersecurity in their title or not) have no useful technical understanding of what they are talking about. This is particularly true of that specific organization, which has a penchant for driving out any actual expertise that tells them things they don't want to hear.

    To be fair, even otherwise smart academics have trouble grasping the down and dirt realities of cyberthreats and denial of service. I remember a presentation by a PhD candidate on his sure fire way to handle denial of service. Skipping past the details, it modified the TCP 3-way handshake by the server sending back a computationally difficult problem that would take several seconds to solve before completing the connection, thus slowing the attackers to a crawl.

    The academic was very proud of this and I said, "Congratulations, you just made everything worse!"

    He was shocked and affronted. "I explained that now his server needs to maintain problem state data for every attempted connection. The attacker is just going to drop the problem on the floor and initiate a new connection attempt over and over."

    He looked at me and sputtered, "But ... but .. that would violate protocol!"

    We won't even go into spoofing, UDP, reflection, ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like