Re: [ISN] UMass computer scientist offers a new way to track internet vandals

From: InfoSec News (isnat_private)
Date: Tue Apr 16 2002 - 00:29:07 PDT


    Forwarded from: covert_one <covert_oneat_private>
    It would seem that either ISPs or companies susceptible to DoS attacks
    need to have a sysadmin on site 24/7 - better yet have a secsysadmin
    on site (or remote location) to monitor and respond to 'inappropriate'
    network activity. Someone with some training could recognise a DoS
    attack and take action, block the IP, contact the ISP to shut it off.
    Also if ISPs WOULD make users liable for their attacks, whether they
    did it or not, would perhaps stop some users due to criminal/civil
    liabilities. If a college or ISP was to be charged for their machines
    participating in a DDoS attack, then they would take security more
    Laws and regulations could/should force people that put machines on
    line to conform to certain specifications for security. Unpatched
    servers could have the owner fined for not keeping their box secure.
    But that's a non-existent department of the USG.
    Just an idea
    > -----Original Message-----
    > From: InfoSec News [mailto:isnat_private]
    > Sent: Saturday, April 13, 2002, 12:58 AM
    > To: isnat_private
    > Subject: Re: [ISN] UMass computer scientist offers a new way to track internet
    >  vandals 
    > Forwarded from: Russell Coker <russellat_private>
    > On Fri, 12 Apr 2002 10:02, you wrote:
    > > become so overwhelmed with traffic that they crash. Micah Adler, an
    > > assistant professor at the University of Massachusetts Department of
    > > Computer Science, has developed a new technique for determining the
    > > source of such an attack that requires only adding a single bit of
    > > information to messages sent across the Internet.
    > Of course if everyone put filters on their edge routers that prevented
    > their customers from faking source IP addresses then it would be much
    > easier to identify the attacker, and would make it possible to filter
    > the attacks out (if the attack starts at 6PM local time for the
    > attacker then you have no chance of getting the local administrator to
    > do anything for more than 12 hours), core routers don't get filters,
    > so you must be able to filter what you receive.
    > Also big ISPs are very wary of making any changes to core routers.  
    > Getting them to replace the firmware with a new version that has a
    > major new feature such as this enabled will be next to impossible.
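
The edge filtering Russell Coker describes in the quoted reply, sketched as an added example that is not part of either message: each customer port only forwards packets whose source address lies in a prefix assigned to that port, so what reaches a victim carries true sources it can count and block. The port names, prefixes and traffic records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed example: prefixes an ISP has assigned to each customer-facing port.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24"),
               ipaddress.ip_network("2001:db8:b::/48")],
}

def permit_at_edge(port, src):
    """Ingress filter: forward only if src is in a prefix assigned to port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    return any(addr.version == net.version and addr in net
               for net in CUSTOMER_PREFIXES.get(port, []))

def filter_edge(packets):
    """Split (port, src, dst) records into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if permit_at_edge(pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped

def top_sources(packets, dst, threshold):
    """Victim-side view: sources that sent at least `threshold` packets to dst."""
    counts = Counter(src for _, src, d in packets if d == dst)
    return sorted(src for src, n in counts.items() if n >= threshold)

# Constructed traffic: cust-a floods 203.0.113.10, mostly with forged sources.
SAMPLE = (
    [("cust-a", "192.0.2.77", "203.0.113.10")] * 5                     # true source
    + [("cust-a", f"10.9.8.{i}", "203.0.113.10") for i in range(20)]   # forged
    + [("cust-a", "198.51.100.9", "203.0.113.10")] * 3                 # forged as cust-b
    + [("cust-b", "198.51.100.9", "203.0.113.10")]                     # legitimate
    + [("cust-b", "2001:db8:b::1", "203.0.113.10")]                    # legitimate
)

if __name__ == "__main__":
    fwd, drop = filter_edge(SAMPLE)
    print(len(fwd), "forwarded,", len(drop), "dropped at the edge")
    print("without edge filter:", top_sources(SAMPLE, "203.0.113.10", 3))
    print("with edge filter:   ", top_sources(fwd, "203.0.113.10", 3))
```

Without the edge filter the victim's per-source count also implicates an address belonging to cust-b, which the flooding customer forged; with it, only the real sender crosses the threshold.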
