CRIME ZDNet UK: Symbiot launches DDoS counter-strike tool

From: Todd Ellner (tellner@private)
Date: Wed Mar 10 2004 - 15:41:16 PST

  • Next message: Dorning, Kevin E - DI-3: "RE: CRIME ZDNet UK: Symbiot launches DDoS counter-strike tool"

    This ZDNET UK story has been forwarded to you by:
    Todd Ellner (tellner@private).
    
    They have added these comments:
    
    Oy vey.
    
    ------------------------------------------------------------
    http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm
    
    Symbiot launches DDoS counter-strike tool
    
    Munir Kotadia
    
    
    Symbiot, a Texas-based security firm, is preparing to launch a corporate
    defence system at the end of March that can fight back against distributed
    denial-of-service (DDoS) and hacker attacks by launching a counter-strike.
    In advance of the product launch, Symbiot's president, Mike Erwin, and its
    chief scientist, Paco Nathan, have outlined a set of "rules of engagement for
    information warfare", which they say should be part of corporate security
    policy to help companies determine their exact response to an incoming
    attack.
    "Until today, security solutions have been totally passive in nature. Merely
    erecting defensive walls around the perimeter of an enterprise network is not
    an adequate deterrent," said Erwin, who argues that to have a
    complete defence in place, offensive tactics must be employed. The company
    said it bases its theory on the military doctrine of "necessity and
    proportionality", which means the response to an attack is proportionate to
    the attack's ferocity. According to the company, a response could range from
    "profiling and blacklisting upstream providers" or it could be escalated to
    launch a "distributed denial of service counter-strike".
    Security experts expressed alarm at the company's plans.
    Graham Titterington, principal analyst at Ovum, said "such a
    counterattack would not be regarded as self-defence and would therefore be an
    attack. It would be illegal in those jurisdictions where an anti-hacking law
    is in place." He added that because many hacking and DDoS attacks are
    launched from hijacked computers, the system would be unlikely to find its
    real target: "Attacks are often launched from a site that has been hijacked,
    making it an unwitting and innocent -- although possibly slightly negligent
    -- party."
    Richard Starnes, director of incident response at Cable and Wireless Managed
    Security Services, said he would not employ an "active defence technique"
    because there are legal and ethical issues involved. Also, he would not be
    happy about any product "specifically designed to launch attacks" being put
    into commercial production. Starnes said it would be easy to hit the wrong
    target and even if it was the right target, there could be collateral damage:
    "You may be taking out grandma's computer in Birmingham that has got a
    100-year-old cookie recipe that has not been backed up. The attack could also
    knock over a Point of Presence (PoP), so you are not only attacking the
    target, but also the feeds before them -- this means taking out ISPs,
    businesses and home users."
    Jay Heiser, chief analyst at IT risk management company TruSecure, said that
    he expects the product to have "emotional appeal" to companies that have been
    targets, but "that is a very bad criterion for choosing risk-reduction
    measures."
    "There is no evidence that this is the most effective way to deal with the
    problems and there is quite a bit of historical precedence that indicates it
    is totally counterproductive," added Heiser.
    Governments could soon be using hacker tools for law enforcement and the
    pursuit of justice, according to an expert on IT and Internet law. Joel
    Reidenberg, professor of law at New York-based Fordham University, believes
    it likely that denial of service attacks (DoS) and packet-blocking technology
    will be employed by nation states to enforce their laws. This could even
    include attacks on companies based in other countries, he says. 
    ZDNet UK's Graeme Wearden contributed to this story.
    
    
    ------------------------------------------------------------------------
    
    If it moves, we cover it. See ZDNet UK's Mobile Technology News Section
    for the latest news, reviews and price checks on mobile phones, PDAs,
    notebook computers and anything else you can take away.
    
    Let the editors know what you think in the Mailroom.
     
    
    ZDNet News: The UK's best source for computing news - updated 
    throughout the day. http://news.zdnet.co.uk/
    
    Please report any abuse of this service to ukwebmaster@private
    
    Copyright © 2003 CNET Networks, Inc. All Rights Reserved.
    ZDNET is a registered service mark of CNET Networks, Inc. 
    ZDNET Logo is a service mark of CNET NETWORKS, Inc.
    



    This archive was generated by hypermail 2b30 : Wed Mar 10 2004 - 16:27:34 PST