[17887] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Government scrutiny is headed our way

daemon@ATHENA.MIT.EDU (Karl Denninger)
Tue Jun 16 14:22:52 1998

Date: Tue, 16 Jun 1998 13:14:18 -0500
From: Karl Denninger  <karl@mcs.net>
To: Michael Dillon <michael@memra.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.BSI.3.93.980616102912.3599A-100000@sidhe.memra.com>; from Michael Dillon on Tue, Jun 16, 1998 at 10:44:47AM -0700

On Tue, Jun 16, 1998 at 10:44:47AM -0700, Michael Dillon wrote:
> 
> Government scrutiny is headed our way
> http://www.fcw.com/pubs/fcw/1998/0615/fcw-frontcyber-6-15-1998.html
> 
> The feds are worried that it is too hard to track down cyber attackers.
> Although the article doesn't say this explicitly I expect that it won't be
> long before we see politicians calling for some sort of mandated tracing
> capabilities between network providers
> 
> And since IOPS http://www.iops.org/ is hosted by a government funded
> agency located on the outskirts of DC, I expect that it will be involved
> in this whole thing.
> 
> If we could track attacks to their source more quickly, then government
> would not feel the need to intervene. This may require some changes to
> router software but unless network operators ask for the changes, the
> manufacturers will not do it.
> 
> We need some sort of protocol that will recursively track spoofed source
> address packets back to their source one hop at a time. Given a
> destination address the protocol would track it to the previous hop router
> and recurively initiate the same tracking procedure on that router. Once
> the attack is tracked to the source, the probe would unroll and report the
> results to all routers along the probe path for logging or reporting. 
> 
> We have seen that when misconfigured equipment can be quickly identified,
> such as the smurf amplifiers, then we can apply pressure and get things
> fixed. Similarly if we can quickly identify the source of a spoofed source
> address attack then we can apply pressure to get filters in place and have
> people arrested or secure an insecure machine as the case may be.
> 
> --
> Michael Dillon                 -               Internet & ISP Consulting
> Memra Communications Inc.      -               E-mail: michael@memra.com
> http://www.memra.com           -  *check out the new name & new website*

It is about goddamn time, and I hope the government DOES get involved.

Try calling ANY of the major NOCs to get a smurf traced.  Good luck.  I 
have yet to have even attacks going on for more than an hour successfully
traced back to their source.

--
-- 
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
			     | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost

home help back first fref pref prev next nref lref last post