[55354] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Jan 27 16:30:30 2003
To: alex@yuriev.com
Cc: lamour@UU.NET, "Christopher L. Morrow" <chris@UU.NET>,
Brad Laue <brad@brad-x.com>, hc <haesu@towardex.com>, nanog@merit.edu
In-Reply-To: Your message of "Mon, 27 Jan 2003 15:53:07 EST."
<Pine.LNX.4.10.10301271549370.30768-100000@s1.yuriev.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 27 Jan 2003 16:20:54 -0500
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1066305576P
Content-Type: text/plain; charset=us-ascii
On Mon, 27 Jan 2003 15:53:07 EST, alex@yuriev.com said:
> The amazingly simple solution is to make it uneconomical for anyone to
> maintain unprotected network (for whatever two sets uneconomical and
> unprotected are). For example, have a machine that had been broken into and
> used to attack a company which lost $5M because of that attack, make whoever
> owns the machine was broken into pay $5M + attorney frees + punitive
So the guy who makes $25K a year and has a $400 PC in a single-wide finds
himself liable for $5M because Nimda jumped from his PC to some PC in a
large corporation, where it then goes on a large burn.
(a) How do you collect?
(b) What does the corporation do when the defense lawyer argues that it's
95% the corporation's fault for *letting* the trailer-trash PC do it?
Most corporate exec don't want to go there - they'd have to quantify that
they had $5M in damages, and then they'd have to explain to the shareholders
why their screw-up cost the share-holders $5M in lost profits/dividends.
It would be a Phyrric victory, at best...
--==_Exmh_1066305576P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE+NaK2cC3lWbTT17ARAjJ9AJ44sFOtxTkESEwENSO7kTavz7hUBQCg4LzD
zMr0+W7cgm6rud8yeHUbS+8=
=dQ4S
-----END PGP SIGNATURE-----
--==_Exmh_1066305576P--
