Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Cutting to the chase (was RE: ABOVE.NET SECURITY TRUTHS?)

  • From: Travis Pugh
  • Date: Sat Apr 29 09:31:04 2000

On Fri, 28 Apr 2000, Paul Ferguson wrote:

> 
> Now that this topic has been brought up, I have a question
> to the list in general.
> 
> I have suggested to Susan Harris (who does a FANTASTIC job
> of putting the NANOG meeting agenda together) that it might
> be interesting to have a panel session at the Albuqureque
> NANOG consisting of several folks (including popular trade
> press journalists) to discuss the "damage factor" in
> disinformation.
> 
> I have personally been appalled at the lack of accuracy in
> the more recent reports of service provider outages that have
> been erroneously reported as being due to "hacker attacks" or
> DoS attacks.

The AboveNet report I saw on Computerworld:
http://www.computerworld.com/home/print.nsf/(frames)/000427D962?OpenDocument&~f

Says the FBI is looking for a DoS attacker, calls the incident a DoS
attack, and generally leaves no room for the uneducated reader to
understand that their ISP is not in imminent danger of being blown off the
'net by a copycat ... DESPITE a variety of concise, easily understandable
quotes from Paul Vixie which dismiss this possibility.  

> 
> This has led to excessive fear-mongering & FUD, and tends to
> reduce the confidence in the service provider community, and
> in my humble opinion, needs to be addressed.
> 
> What does the list, in general, think about this proposal?

If we were to educate the press, it would require something closer to
full disclosure in the event of an incident on any of our
networks.  Reporters aren't going to pay any attention to what is
discussed at a panel at NANOG if the next incident doesn't include enough
information that they don't have to speculate wildly about the cause.  Any
decent reporter is not going to be happy with an intentionally-vague press
release from the PR department, and they will print incorrect information
rather than nothing at all.

AboveNet should be thanked for their response to this incident
... and if we all responded the same way it would be possible to get
accurate information in trade rags.  There is a price to pay for
full-disclosure, however, since it tends to *really* piss off PR and
corporate managers.


> 
> Thanks,
> 
> - paul
> 

-travis






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.