North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Government scrutiny is headed our way
- From: Karl Denninger
- Date: Tue Jun 16 14:21:17 1998
On Tue, Jun 16, 1998 at 10:44:47AM -0700, Michael Dillon wrote:
> Government scrutiny is headed our way
> The feds are worried that it is too hard to track down cyber attackers.
> Although the article doesn't say this explicitly I expect that it won't be
> long before we see politicians calling for some sort of mandated tracing
> capabilities between network providers
> And since IOPS http://www.iops.org/ is hosted by a government funded
> agency located on the outskirts of DC, I expect that it will be involved
> in this whole thing.
> If we could track attacks to their source more quickly, then government
> would not feel the need to intervene. This may require some changes to
> router software but unless network operators ask for the changes, the
> manufacturers will not do it.
> We need some sort of protocol that will recursively track spoofed source
> address packets back to their source one hop at a time. Given a
> destination address the protocol would track it to the previous hop router
> and recurively initiate the same tracking procedure on that router. Once
> the attack is tracked to the source, the probe would unroll and report the
> results to all routers along the probe path for logging or reporting.
> We have seen that when misconfigured equipment can be quickly identified,
> such as the smurf amplifiers, then we can apply pressure and get things
> fixed. Similarly if we can quickly identify the source of a spoofed source
> address attack then we can apply pressure to get filters in place and have
> people arrested or secure an insecure machine as the case may be.
> Michael Dillon - Internet & ISP Consulting
> Memra Communications Inc. - E-mail: firstname.lastname@example.org
> http://www.memra.com - *check out the new name & new website*
It is about goddamn time, and I hope the government DOES get involved.
Try calling ANY of the major NOCs to get a smurf traced. Good luck. I
have yet to have even attacks going on for more than an hour successfully
traced back to their source.
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV
| NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost