Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Now this upsets me, irregardless of the reason

  • From: Joe Shaw
  • Date: Tue Feb 15 11:51:00 2000


On Mon, 14 Feb 2000, Henry R. Linneweh wrote:

> Its nice to know the government just fractured the network and raped
> everyone's security all to hell...

How so?

There have been several CERT advisories, as well as a workshop on these
types of DDoS attacks over the last few months, and well in advance of the
four day notice given to banks.  These new DDoS attacks were discovered
last August and covered in depth since then, not to mention that smurf is
now years old.  However, there's not much an entitiy can do to effectively
and proactively defend themselves against these attacks, but we've covered
that.

> http://www.techserver.com/noframes/story/0,2294,500168253-500214982-501008574-0,00.html
>
> Banks warned of impending Web attacks days before they occurred

The fact that banks only got information about these attacks some 4 days
before these high-profile attacks is disturbing because it shows clearly
that the current state of security information distribution, even with
cutting edge info from Bugtraq, and the snale-paced releases from CERT,
isn't enough to spread relevent information if people keep their heads
burried in the sand.

What's even more alarming is that this information was made public by both
channels as of December and from the recent posts I'd gather that a lot of
the people on this list didn't know either until after the lengthy
discussion here on NANOG, which was during/after the attacks.  What does
that say?

I'm sure we all work hard, but ignorance is no excuse.  And, while it is a
bit alarming that these financial institutions are not sharing their
information, I firmly believe they're getting their information from the
same channels everyone else does.  I'm pretty sure bugtraq gets the 0-day
long before they do, and if not, I'd certainly like to know who's doing
their research for them.

However, what really worries me, is that executives have been invited to a
discussion that I would hope requires more technical understanding and
common sense than business savvy.  But, from what I've read this meeting
is more about company secrets and politics.  At least mudge and a few
academics will be there...

--
Joseph W. Shaw - jshaw@insync.net
Computer Security Consultant and Programmer
Free UNIX advocate - "I hack, therefore I am."

> --
> Thank you;
> |--------------------------------------------|
> | Thinking is a learned process so is UNIX   |
> |--------------------------------------------|
> Henry R. Linneweh







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.