Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WANTED: ISPs with DDoS defense solutions

  • From: Vadim Antonov
  • Date: Sat Aug 02 18:57:28 2003

On Sat, 2 Aug 2003, Doug Hughes wrote:

> > Besides, firewalls only protect against outsiders, whereas most damaging
> > attacks are from insiders.                                 ^^^^^^^^^^^^^
>   ^^^^^^^^^^^^^^^^^^^^^^^^^
> Do you have current data to support this? I believe this may have been
> true 5 years ago but is no longer true.

No, just my experience from working for the last 4 years in the security
field (banking, insurance, government & US Army :)

> Is this a case of distinguishing damaging vs non-damaging?

Yes.  External attacks are mostly show-offs by kids.  Insiders intend to
do damage - that's the whole point of those attacks.

> At my company,
> all recent attacks that I'm aware of have been from outside. Even if
> I allow for the fact that I'm not aware of all attacks 

Internal attacks are rarely ever discovered because attackers have benefit
of knowledge of the actual systems and can plan the execution, not just
improvise (and trip detectors).  Besides, intrusion detectors are mostly
designed to detect footprints of the external attackers.

> ... the mere volume of ones that I'm aware of would stand as
> counterpoint to the assertion that most damaging attacks are from
> insiders. Certainly, insiders have the 'potential' to generate the
> most damaging attacks with greatest ease, but I'm not sure that
> establishes a causal relationship with occurrence.

You are right that it does not; I'm afraid nobody has real figures because
these kinds of attacks are rarely reported even if discovered.

BTW, taking an unauthorized copy of company's sources when leaving company
IS an attack...  how common is that?

> Certainly the volume of attacks is strongly disproportional towards
> the outsider. 

Yep. Automated scanning lets attackers to pick easy targets; thouse
attacks are rarely targeted.


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.