North American Network Operators Group
Re: CCO/cisco.com issues.
- From: Suresh Ramasubramanian
- Date: Tue Oct 07 09:07:42 2003
Stephen J. Wilcox [10/7/2003 6:06 PM] :

> You are making assumptions.. Cisco haven't said if the source was spoofed or not,
> as a recent NANOG thread indicated a lot of attacks do not use spoofed addresses
> any more simply because the controllers have access to enough legitimate Windows
> boxes to not care about discovery of source.

I did say "for starters". I put it to you that there is still a non
trivial amount of attacking going on that does use spoofed traffic.

Yes, there are lots of IRC controlled zombies, and yes, there are pissed
off teenage skript kiddies who shut down the port of Houston's servers
trying to bomb someone they had a pissing match with on IRC (don't have
more details than what I read on Dave Farber's IP list today).

> I am increasingly sharing the opinion that many of these high profile attacks
> are carried out by a small group.. spammers or whoever they are, the only way to
> tackle them is directly by hunting them down and prosecuting them. Assuming that
> there is a cash motivation somewhere (e.g. spam) this also means that there is a
> very high probability the attackers reside in a country where prosecution would
> be possible e.g. US/Europe

Easier said than done. First - prove that the guy did it (or hired a
kiddie in China or Eastern Europe or wherever to do it). Next, prove to
the Feds that damage > [what, USD 25K?] was caused. And that is for
starters.

srs
--
Suresh Ramasubramanian <suresh@outblaze.com> gpg# EDEDEFB9
Security and Antispam Operations Manager, Outblaze Limited