ComputerWorld: Update: Mafiaboy a copycat; attacks could have been stopped

“The Canadian teen-ager known as Mafiaboy, who was arrested this
week (see story) in connection with an attack against the CNN Web
site in February, is an amateur who simply copied tactics used by
far more sophisticated attackers who may never be caught, security
analysts say.”

“Davis said another piece of the problem lies with the fact
that Internet service providers (ISPs) and other outfits that make
up the Internet backbone aren’t using Ingress filtering, which
prevents packet spoofing.
The denial-of-service attacks
defeated many defenses because the packets flooding targeted
servers appeared to be coming from a legitimate source. Ingress
filtering can determine if a packet was indeed sent from that
location, and if its address is spoofed, it’s stopped at the

“But Michael Lyle, chief technology officer at Recourse
Technologies Inc. in Palo Alto, Calif., noted that this type of
filtering affects network performance. In addition, the database
for IP addresses isn’t always accurate and could result in a loss
of legitimate network traffic. “Databases need to get better and
there needs to be better tools for putting together filtering lists
for different service providers automatically,” said Lyle.”