Forwarded from: covert_one <covert_oneat_private>

It would seem that either ISPs or companies susceptible to DoS attacks
need to have a sysadmin on site 24/7 - better yet, have a secsysadmin on
site (or remote location) to monitor and respond to 'inappropriate'
network activity. Someone with some training could recognize a DoS
attack and take action, block the IP, contact the ISP to shut it off.

Also if ISPs WOULD make users liable for their attacks, whether they did
it or not, it would perhaps stop some users due to criminal/civil
liabilities. If a college or ISP were to be charged for their machines
participating in a DDoS attack, then they would take security more
seriously.

Laws and regulations could/should force people that put machines online
to conform to certain specifications for security. Unpatched servers
could have the owner fined for not keeping their box secure. But that's
a nonexistent department of the USG.

Just an idea

C0VERTl

> -----Original Message-----
> From: InfoSec News [mailto:isnat_private]
> Sent: Saturday, April 13, 2002, 12:58 AM
> To: isnat_private
> Subject: Re: [ISN] UMass computer scientist offers a new way to track internet vandals
>
> Forwarded from: Russell Coker <russellat_private>
>
> On Fri, 12 Apr 2002 10:02, you wrote:
>
> > become so overwhelmed with traffic that they crash. Micah Adler, an
> > assistant professor at the University of Massachusetts Department of
> > Computer Science, has developed a new technique for determining the
> > source of such an attack that requires only adding a single bit of
> > information to messages sent across the Internet.
>
> Of course if everyone put filters on their edge routers that prevented
> their customers from faking source IP addresses then it would be much
> easier to identify the attacker, and would make it possible to filter
> the attacks out (if the attack starts at 6PM local time for the
> attacker then you have no chance of getting the local administrator to
> do anything for more than 12 hours), core routers don't get filters,
> so you must be able to filter what you receive.
>
> Also big ISPs are very wary of making any changes to core routers.
> Getting them to replace the firmware with a new version that has a
> major new feature such as this enabled will be next to impossible.

_::Quote of the Moment::_
If you go through life trying to make everyone happy, you will not be happy

_::Suggested Song of the Moment::_
The Romantics "Rock You Up" and "What I like about you"
Golden Earring "Radar Love"
Beastie Boys "Sabotage"
Otis and the Kingsmen "Louie, Louie"

*** Rubi-Con 4 Hacking Convention is over***
Read about the people and events from C0VERTl's perspective here:
http://c0vertl.tripod.com/digital.htm

[[[[[[>-Contact C0VERTl-<]]]]]]
AIM: C0VERT0NE
Yahoo Messenger: C0VERTl
Best Email: covert_oneat_private
Feed Your Brain visit the Digital Nomad Website
http://c0vertl.tripod.com/digital.htm
[[[[[[[[[[[[[[[[[-]]]]]]]]]]]]]]]]]

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.

This archive was generated by hypermail 2b30 : Tue Apr 16 2002 - 04:14:04 PDT