[ISN] Symbiot launches DDoS counter-strike tool

From: InfoSec News (isn@private)
Date: Wed Mar 10 2004 - 23:41:07 PST


    http://news.zdnet.co.uk/0,39020330,39148215,00.htm
    
    Munir Kotadia
    ZDNet UK
    March 10, 2004
    
    Security company Symbiot is about to launch a product that can hit
    back at hackers and DDoS attacks by lashing out with its own arsenal
    of tricks, but experts say it may just be a bit too trigger-happy.
    
    Symbiot, a Texas-based security firm, is preparing to launch a
    corporate defence system at the end of March that can fight back
    against distributed denial-of-service (DDoS) and hacker attacks by
    launching a counter-strike.
    
    In advance of the product launch, Symbiot's president, Mike Erwin, and
    its chief scientist, Paco Nathan, have outlined a set of "rules of
    engagement for information warfare", which they say should be part of
    corporate security policy to help companies determine their exact
    response to an incoming attack.
    
    "Until today, security solutions have been totally passive in nature.  
    Merely erecting defensive walls around the perimeter of an enterprise
    network is not an adequate deterrent," said Erwin, who argues that to
    have a complete defence in place, offensive tactics must be employed.  
    The company said it bases its theory on the military doctrine of
    "necessity and proportionality", which means the response to an attack
    is proportionate to the attack's ferocity. According to the company, a
    response could range from "profiling and blacklisting upstream
    providers" to an escalation that launches a "distributed denial of
    service counter-strike".
    
    Security experts expressed alarm at the company's plans.
    
    Graham Titterington, principal analyst at Ovum, said "such a
    counterattack would not be regarded as self-defence and would
    therefore be an attack. It would be illegal in those jurisdictions
    where an anti-hacking law is in place." He added that because many
    hacking and DDoS attacks are launched from hijacked computers, the
    system would be unlikely to find its real target: "Attacks are often
    launched from a site that has been hijacked, making it an unwitting
    and innocent -- although possibly slightly negligent -- party."
    
    Richard Starnes, director of incident response at Cable and Wireless
    Managed Security Services, said he would not employ an "active defence
    technique" because there are legal and ethical issues involved. Also,
    he would not be happy about any product "specifically designed to
    launch attacks" being put into commercial production. Starnes said it
    would be easy to hit the wrong target and even if it was the right
    target, there could be collateral damage: "You may be taking out
    grandma's computer in Birmingham that has got a 100-year-old cookie
    recipe that has not been backed up. The attack could also knock over a
    Point of Presence (PoP), so you are not only attacking the target, but
    also the feeds before them -- this means taking out ISPs, businesses
    and home users."
    
    Jay Heiser, chief analyst at IT risk management company TruSecure,
    said that he expects the product to have "emotional appeal" to
    companies that have been targets, but "that is a very bad criterion
    for choosing risk-reduction measures."
    
    "There is no evidence that this is the most effective way to deal with
    the problems and there is quite a bit of historical precedence that
    indicates it is totally counterproductive," added Heiser.
    
    Governments could soon be using hacker tools for law enforcement and
    the pursuit of justice, according to an expert on IT and Internet law.  
    Joel Reidenberg, professor of law at New York-based Fordham
    University, believes it likely that denial of service attacks (DoS)  
    and packet-blocking technology will be employed by nation states to
    enforce their laws. This could even include attacks on companies based
    in other countries, he says.
    
    ZDNet UK's Graeme Wearden contributed to this story.
     
    
    
    


