[63538] in North American Network Operators' Group


Re: CCO/cisco.com issues.

daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue Oct 7 09:06:07 2003

Date: Tue, 07 Oct 2003 18:33:43 +0530
From: Suresh Ramasubramanian <suresh@outblaze.com>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: Terry Baranski <tbaranski@mail.com>, jlewis@lewis.org,
	'Allan Liska' <allan@allan.org>, 'Kai Schlichting' <kai@pac-rim.net>,
	nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0310071229010.20172-100000@server2.tcw.telecomplete.net>
Errors-To: owner-nanog-outgoing@merit.edu


Stephen J. Wilcox [10/7/2003 6:06 PM] :
> You are making assumptions.. Cisco haven't said if the source was spoofed or not,
> as a recent nanog thread indicated a lot of attacks do not use spoofed addresses
> any more simply because the controllers have access to enough legitimate Windows
> boxes to not care about discovery of source.

I did say "for starters".  I put it to you that there is still a
non-trivial amount of attacking going on that does use spoofed traffic.

Yes, there are lots of IRC controlled zombies, and yes, there are pissed
off teenage skript kiddies who shut down the Port of Houston's servers
trying to bomb someone they had a pissing match with on IRC (don't have
more details than what I read on Dave Farber's IP list today).

> I am increasingly sharing the opinion that many of these high profile attacks 
> are carried out by a small group.. spammers or whoever they are, the only way to 
> tackle them is directly by hunting them down and prosecuting them. Assuming that 
> there is a cash motivation somewhere (eg spam) this also means that there is a 
> very high probability the attackers reside in a country where prosecution would 
> be possible eg US/Europe

Easier said than done.  First - prove that the guy did it (or hired a
kiddie in China or Eastern Europe or wherever to do it).  Next, prove to
the Feds that damage > [what, USD 25K?] was caused.  And that is for
starters.

	srs

-- 
Suresh Ramasubramanian <suresh@outblaze.com> gpg# EDEDEFB9
Security and Antispam Operations Manager, Outblaze Limited

