Re: Recent Attacks

From: Marcus J. Ranum (mjrat_private)
Date: Tue Feb 15 2000 - 15:35:59 PST

Next message: Marcelo Barbosa Lima: "RPC, Portmapper binding and firewalls"

Previous message: Robert Graham: "RE: Automated IDS response"
Maybe in reply to: hndat_private: "Recent Attacks"
Next in thread: Don Kendrick: "Re: Recent Attacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>But the key word is survivability.  What can be done to make the network
>more survivable?

There are a small number of really smart people working on that.
The good news is that there are really smart people working on it.
The bad news is that it's a "hard problem."

>Punishing them with litigation makes the physche feel better, but the
>hole in the network still exists and the next guy to exploit it may be
>looking for much more from all of us.

Right. This is, again, a social problem, not a technical one.
We can endlessly debate the question of whether deterrence
has any value in preventing crime (getting singaporeans to
debate that issue against new yorkers is a really really fun hobby, BTW)
but let's not. (IN fact, I'll exercise my moderator's privileges
and quench such a debate!) ;)

>   If I read correctly, we will
>always have vandals.  What we need to do is punish them in a way
>appropriate, identify what the "real" problems are, and then try to
>bring the "good guy" community together to plug the holes.

Precisely. The "hard problem" of the moment is to even
accurately identify who's doing it. There are all kinds of
issues including making sure that the identification is one
that will stand up in court. Imagine explaining to a non-technical
jury some kind of cryptographic watermarking of packets, or
whatever, and how it proves the defendant did or didn't do
something - ugh!

>     What's the best way to do that?

Well, honestly? I don't know. I don't think anyone does.

I believe that most answers will fall back to increasing the
amount of accountability that exists within networks by several
orders of magnitude or more. That will be extremely expensive.
My guess is it'll happen.

A friend forwarded me an amazing report today; I've excerpted
some of it below. Contemplate this and realize that the Big
Money Guys aren't gonna put up with this kind of sh@t for very
much longer:"
Last week's distributed denial-of-service attacks that hit a
number of top 10 Web sites cost those companies more than
$1.2 billion, according to the Yankee Group.

In a report, the Yankee Group asserts that the attacks
resulted in capitalization losses that exceeded $1 billion
on the days of the attacks, and revenue loss of both sales
and advertisement revenue is expected to exceed $100 million
for the sites, which include eBay, Buy.com, E-Trade, and
Amazon.com."

mjr.

Next message: Marcelo Barbosa Lima: "RPC, Portmapper binding and firewalls"
Previous message: Robert Graham: "RE: Automated IDS response"
Maybe in reply to: hndat_private: "Recent Attacks"
Next in thread: Don Kendrick: "Re: Recent Attacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:51 PDT