Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?

  • From: todd glassey
  • Date: Wed Jan 22 22:21:46 2003

Andy -
----- Original Message -----
From: "Andy Dills" <andy@xecu.net>
To: "todd glassey" <todd.glassey@worldnet.att.net>
Cc: "Vadim Antonov" <avg@kotovnik.com>; <nanog@trapdoor.merit.edu>
Sent: Wednesday, January 22, 2003 9:07 AM
Subject: Re: FW: Re: Is there a line of defense against Distributed
Reflective attacks?


> On Tue, 21 Jan 2003, todd glassey wrote:
>
> >
> > Vadim - the newest form of SPAM uses the Messenger facility to place a
> > pop-up in the middle of your screen without any email, pop, smtp or
other
> > service being involved. I apologize for the tone of the first posting,
but I
> > still stand by it. When ISP's are held accountable for what people do
with
> > the BW they sell them, then these issues will all be moot. Until then,
the
> > lie is that there is no way to stop these behaviors and its the one the
> > ISP's proffer exclusively.
>
> No, we evil network admins are NOT saying there is no way to stop these
> behaviors. We're saying that the solutions put such a crimp on open
> standards and legitimate behavior that their value is negative.

Who gave you the right to decide which laws you were going to abide by and
which ones you were not?

> The
> problem is a social one, not a technical one. The technical problem is the
> vulnerability that exists; the social problem is that as long as ANY
> vulnerability exists, people will try to exploit that vulnerability.

The reason that the vunerability is there is becuase of TCP/IP's inherent
weaknesses, but that aside, there are processes that could easily be put in
place to address these issues, the problem is that they cost money and that
means they have to be paid for and ISP's like many other businesses are run
to be as profitable as possible so that means that their owners will do as
little as humanly possible to address these issues to keep the bottom lines
where they are... Otherwise there wouldn't be the problems with SPAM and
DDoS
or other Attack Forms that exist today.

> Technology can mitigate the vulnerabilities, but it cannot mitigate the
> desire to exploit.

So then the problem is the ISP's facilitating the evil forces of the world
to do their worst???

>
> For instance, substitute "airport" for "network", as in "airport
> security".

Well, this is really funny - see I used to do Network and Systems Operations
for UAL at the SFO site and I think your commentary is so funny its almost
ludicrous. The problems with the Airlines is the ALPA and its membership and
the various other Unions that have a strangle hold on the carriers. You
folks are not unionized are you?

> There are ways for law enforcement to be 100% positive that no
> terrorists ever steps foot on a plane. Unfortunately, the cost involved,
> along with the reduction in efficiency, would make normal travel
> impossible.

The same is not true of networking though.

>
>
> Do you try to hold realestate developers responsible for what the
> homeowner does with their house? Do you try to hold the power company
> responsible for the people who use their electricity to grow weed?

of course not - but I do hold the provider responsible for not enforcing the
laws regarding digital fraud. And everytime one of your email servers passes
a forged email along another hop in its trip, you actively participate in
the fraud, so you are not the grower of the weed but rather the reseller of
it.

>
> I assume you were beating down the doors of Congress, tyring to get rock
> artists to be responsible for the people who committed suicide after
> listening to their albums?

Hardly, and Tipper and I disagree on many things.

>
> Andy
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Andy Dills                              301-682-9972
> Xecunet, LLC                            www.xecu.net
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Dialup * Webhosting * E-Commerce * High-Speed Access
>






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.