class action suit any lawyers here? :) On Fri, 8 Jun 2001 Bill_Royds@pch.gc.ca wrote: > When the fist ISP looses a $10 million lawsuit becuase it didn't do egrees > filtering and its servers were used for a DDoS attack, then egress filtering > will become standard. > But who is willing to start the suit? > > > > > "Paul D. Robertson" <proberts@patriot.net> on 06/08/2001 09:39:26 AM > > > > To: dgillett@deepforest.org > > cc: firewalls@Lists.GNAC.NET(bcc: Bill > Royds/HullOttawa/PCH/CA) > > > > Subject RE: This is a must read document. It will > : freak you out > > > > > > If we all take the individual stance, then no, but if everyone hardened, > then the aggragate hardening would ensure that DDoS attacks weren't easy > to mount, and that at least critical resources at high-bandwidth > multihomed locations (like the root servers) wouldn't be as vulnerable to > attack. As long as everyone is only worried about themselves, and nobody > does things like egress filter rules to stop spoofing (after all, that > only really helps your neighbors, right?) then we'll continue to be in the > shape we're in. If I had to count the number of times I've had to prove > that an outbound access list on the external interface of a border router > doesn't impact that router's performance significantly... > > We've got a protocol in front of IETF to do the host identification, we've > spent time with a *lot* of very smart people talking about anti-DDoS > methodologies. The end game is that to keep the critical infrastructure > protected, we don't need anywhere near 100% compliance (I think the figure > was around 20%, but I don't have that data here at home.) > > If you harden a site against intrusions, then it becomes one less > launch point for attacks. If it became culturally unacceptable to put a > default install of anything on a network, the number of sites used to > launch any atttack would go down to the point where we could start to deal > with individuals doing malicious acts. That's far better than throwing up > our collective hands and saying we can't do anything about it, or waiting > for someone else to solve the problems for us. > > > On the other hand, there's a sense in which a DDoS that prevents > > users from reaching my servers cannot knock me further down than > > zero. An actual intrusion, a compromise of sensitive medical data or > > credit card numbers or missile launch codes, has no such natural > > limit on how bad the damage can be.... > > Exactly- DDoS attacks don't worry me too much from a strategic > perspective, because one they stop they're over. Intrusions, especially > of infrastructure components worry me significantly more because of the > lack of boundaries on damage or malice. > > I'd rather have my network off the air from one of its providers than my > leg off my body from a bad surgery scheduler. > > Paul > ----------------------------------------------------------------------------- > Paul D. Robertson "My statements in this message are personal opinions > proberts@patriot.net which may have no basis whatsoever in fact." > > - > [To unsubscribe, send mail to majordomo@lists.gnac.net with > "unsubscribe firewalls" in the body of the message.] > > > > > - > [To unsubscribe, send mail to majordomo@lists.gnac.net with > "unsubscribe firewalls" in the body of the message.] > uram@cmu.edu "Blessed are those who have not seen and yet have faith." - John 20:29 - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]