Comments on: The problem of monoculture http://www.rentedmetal.com/the-problem-of-monoculture/ Just because you don't own it, doesn't mean it's not your problem. Wed, 17 Mar 2010 14:02:52 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Steve Shah http://www.rentedmetal.com/the-problem-of-monoculture/comment-page-1/#comment-195 Steve Shah Thu, 03 Jul 2008 06:04:39 +0000 http://www.bitcurrent.com/?p=144#comment-195 This is actually a much older problem, one felt by large web sites and large ISPs. For example, the classic issue is where an attacker launching a an attack with IP addresses spoofed from AOL's proxy servers could make a poorly managed web site shut off what may have been one of its largest user bases. The inverse problem was seen in spam control -- casual glance of IP blocks for spam senders could make dumb spam catchers block off all of Hotmail. The unfortunate answer to the question of dealing with bad guys is that you don't block at the network level. Your best bet is blocking at the application level, if you block at all. For spam control, it was the only method that is reliable. For attacks against web sites, filters on the HTTP protocol were the only way to cope with botnets flooding a site with bogus requests. The exception is human managed tables of networks that are considered "bad" -- spam control has used this with good results, but nice guys still get caught in friendly fire. This is actually a much older problem, one felt by large web sites and large ISPs. For example, the classic issue is where an attacker launching a an attack with IP addresses spoofed from AOL’s proxy servers could make a poorly managed web site shut off what may have been one of its largest user bases. The inverse problem was seen in spam control — casual glance of IP blocks for spam senders could make dumb spam catchers block off all of Hotmail.

The unfortunate answer to the question of dealing with bad guys is that you don’t block at the network level. Your best bet is blocking at the application level, if you block at all. For spam control, it was the only method that is reliable. For attacks against web sites, filters on the HTTP protocol were the only way to cope with botnets flooding a site with bogus requests. The exception is human managed tables of networks that are considered “bad” — spam control has used this with good results, but nice guys still get caught in friendly fire.

]]>