[54832] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (Mike Hogsett)
Fri Jan 17 16:47:06 2003
To: nanog@merit.edu
In-Reply-To: Message from "Christopher L. Morrow" <chris@UU.NET>
of "Fri, 17 Jan 2003 20:44:30 GMT." <Pine.GSO.4.33.0301172042330.19744-100000@rampart.argfrp.us.uu.net>
Date: Fri, 17 Jan 2003 13:45:57 -0800
From: Mike Hogsett <hogsett@csl.sri.com>
Errors-To: owner-nanog-outgoing@merit.edu
> > Getting everyone to take security more seriously will most likely never
> > going to happen.. :(
>
> If this is the case then we are screwed... I hope its not the case, I hope
> that the customer service folks at ISP/NSP's and NOC and Engineering folks
> all keep this in their minds and push their upper management to start
> doing the right thing. It really doesn't cost that much, and its certainly
> cheaper than the cost of outages or lost revenue when your business is
> DoS'd, eh?
When the insurrance companies get involved and charge a larger premium to
corporations not implementing reasonable security policies and procedures
then the situation will improve.
Time and time again I have seen corporations do nothing about a problem
(physical safety, physical security, network security) until it hurts the
bottom line.
Also, a large profile (e.g. in the mainstream media) network security
incident against a large corporation would again bring attention to the
problem. I think that if a network security incident had brought Enron to
its knees, rather than questionable accounting, people would be taking
more notice of the problem.
- Michael Hogsett
