Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
FW: [ISN] Symbiot launches DDoS counter-strike tool
- From: Howell, Paul
- Date: Thu Mar 11 10:54:14 2004
the company's web site is http://www.symbiot.com/
personally, i see some problems with this and hope that others agree.
< paul
-----Original Message-----
From: owner-isn@attrition.org [mailto:owner-isn@attrition.org] On Behalf Of
InfoSec News
Sent: Thursday, March 11, 2004 2:41 AM
To: isn@attrition.org
Subject: [ISN] Symbiot launches DDoS counter-strike tool
http://news.zdnet.co.uk/0,39020330,39148215,00.htm
Munir Kotadia
ZDNet UK
March 10, 2004
Security company Symbiot is about to launch a product that can hit back at
hackers and DDoS attacks by lashing out with its own arsenal of tricks, but
experts say it may just be a bit too trigger-happy
Symbiot, a Texas-based security firm, is preparing to launch a corporate
defence system at the end of March that can fight back against distributed
denial-of-service (DDoS) and hacker attacks by launching a counter-strike.
In advance of the product launch, Symbiot's president, Mike Erwin, and its
chief scientist, Paco Nathan, have outlined a set of "rules of engagement
for information warfare", which they say should be part of corporate
security policy to help companies determine their exact response to an
incoming attack.
"Until today, security solutions have been totally passive in nature.
Merely erecting defensive walls around the perimeter of an enterprise
network is not an adequate deterrent," said Erwin, who argues that to have a
complete defence in place, offensive tactics must be employed.
The company said it bases its theory on the military doctrine of "necessity
and proportionality", which means the response to an attack is proportionate
to the attack's ferocity. According to the company, a response could range
from "profiling and blacklisting upstream providers" or it could be
escalated to launch a "distributed denial of service counter-strike".
Security experts expressed alarm at the company's plans.
Graham Titterington, principal analyst at Ovum, said "such a counterattack
would not be regarded as self-defence and would therefore be an attack. It
would be illegal in those jurisdictions where an anti-hacking law is in
place." He added that because many hacking and DDoS attacks are launched
from hijacked computers, the system would be unlikely to find its real
target: "Attacks are often launched from a site that has been hijacked,
making it an unwitting and innocent -- although possibly slightly negligent
-- party."
Richard Starnes, director of incident response at Cable and Wireless Managed
Security Services, said he would not employ an "active defence technique"
because there are legal and ethical issues involved. Also, he would not be
happy about any product "specifically designed to launch attacks" being put
into commercial production. Starnes said it would be easy to hit the wrong
target and even if it was the right target, there could be collateral
damage: "You may be taking out grandma's computer in Birmingham that has got
a 100-year-old cookie recipe that has not been backed up. The attack could
also knock over a Point of Presence (PoP), so you are not only attacking the
target, but also the feeds before them -- this means taking out ISPs,
businesses and home users."
Jay Heiser, chief analyst at IT risk management company TruSecure, said that
he expects the product to have "emotional appeal" to companies that have
been targets, but "that is a very bad criterion for choosing risk-reduction
measures."
"There is no evidence that this is the most effective way to deal with the
problems and there is quite a bit of historical precedence that indicates it
is totally counterproductive," added Heiser.
Governments could soon be using hacker tools for law enforcement and the
pursuit of justice, according to an expert on IT and Internet law.
Joel Reidenberg, professor of law at New York-based Fordham University,
believes it likely that denial of service attacks (DoS)
and packet-blocking technology will be employed by nation states to enforce
their laws. This could even include attacks on companies based in other
countries, he says.
ZDNet UK's Graeme Wearden contributed to this story.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the
BODY of the mail.
------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------
|
