RE: CRIME ZDNet UK: Symbiot launches DDoS counter-strike tool

From: Richardson, John (john.richardson@private)
Date: Thu Mar 11 2004 - 09:22:01 PST

    This reminds me of an old Steven Wright line...  He says something like,
    "I bought a humidifier and a dehumidifier.  I locked them in a room to
    let them duke it out." 
    
    -----Original Message-----
    From: owner-crime@private [mailto:owner-crime@private] On Behalf
    Of Dorning, Kevin E - DI-3
    Sent: Wednesday, March 10, 2004 4:47 PM
    To: 'Todd Ellner'; crime@private
    Subject: RE: CRIME ZDNet UK: Symbiot launches DDoS counter-strike tool
    
    So how long will it be before one of these counter attack wars itself
    brings the whole thing down around our heads?
    
    
    
    -----Original Message-----
    From: Todd Ellner [mailto:tellner@private]
    Sent: Wednesday, March 10, 2004 3:41 PM
    To: crime@private
    Subject: CRIME ZDNet UK: Symbiot launches DDoS counter-strike tool
    
    
    
    This ZDNET UK story has been forwarded to you by:
    Todd Ellner (tellner@private).
    
    They have added these comments:
    
    Oy vey.
    
    ------------------------------------------------------------
    http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm
    
    Symbiot launches DDoS counter-strike tool
    
    Munir Kotadia
    
    
    Symbiot, a Texas-based security firm, is preparing to launch a corporate defence system at the end of March that can fight back against distributed denial-of-service (DDoS) and hacker attacks by launching a counter-strike.

    In advance of the product launch, Symbiot's president, Mike Erwin, and its chief scientist, Paco Nathan, have outlined a set of "rules of engagement for information warfare", which they say should be part of corporate security policy to help companies determine their exact response to an incoming attack.

    "Until today, security solutions have been totally passive in nature. Merely erecting defensive walls around the perimeter of an enterprise network is not an adequate deterrent," said Erwin, who argues that to have a complete defence in place, offensive tactics must be employed. The company said it bases its theory on the military doctrine of "necessity and proportionality", which means the response to an attack is proportionate to the attack's ferocity. According to the company, a response could range from "profiling and blacklisting upstream providers" or it could be escalated to launch a "distributed denial of service counter-strike".

    Security experts expressed alarm at the company's plans.

    Graham Titterington, principal analyst at Ovum, said "such a counterattack would not be regarded as self-defence and would therefore be an attack. It would be illegal in those jurisdictions where an anti-hacking law is in place." He added that because many hacking and DDoS attacks are launched from hijacked computers, the system would be unlikely to find its real target: "Attacks are often launched from a site that has been hijacked, making it an unwitting and innocent -- although possibly slightly negligent -- party."

    Richard Starnes, director of incident response at Cable and Wireless Managed Security Services, said he would not employ an "active defence technique" because there are legal and ethical issues involved. Also, he would not be happy about any product "specifically designed to launch attacks" being put into commercial production. Starnes said it would be easy to hit the wrong target and even if it was the right target, there could be collateral damage: "You may be taking out grandma's computer in Birmingham that has got a 100-year-old cookie recipe that has not been backed up. The attack could also knock over a Point of Presence (PoP), so you are not only attacking the target, but also the feeds before them -- this means taking out ISPs, businesses and home users."

    Jay Heiser, chief analyst at IT risk management company TruSecure, said that he expects the product to have "emotional appeal" to companies that have been targets, but "that is a very bad criterion for choosing risk-reduction measures."

    "There is no evidence that this is the most effective way to deal with the problems and there is quite a bit of historical precedence that indicates it is totally counterproductive," added Heiser.

    Governments could soon be using hacker tools for law enforcement and the pursuit of justice, according to an expert on IT and Internet law. Joel Reidenberg, professor of law at New York-based Fordham University, believes it likely that denial of service attacks (DoS) and packet-blocking technology will be employed by nation states to enforce their laws. This could even include attacks on companies based in other countries, he says.

    ZDNet UK's Graeme Wearden contributed to this story.
    
    
    



    This archive was generated by hypermail 2b30 : Thu Mar 11 2004 - 10:17:06 PST