[80723] in North American Network Operators' Group
Re: Internet attack called broad and long lasting
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed May 11 09:49:02 2005
To: Gadi Evron <gadi@tehila.gov.il>
Cc: Alexei Roudnev <alex@relcom.net>,
Sean Donelan <sean@donelan.com>, nanog@merit.edu
In-Reply-To: Your message of "Wed, 11 May 2005 13:44:22 +0300."
<4281E206.6050100@tehila.gov.il>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 11 May 2005 09:47:48 -0400
Errors-To: owner-nanog@merit.edu
--==_Exmh_1115819266_6941P
Content-Type: text/plain; charset=us-ascii
On Wed, 11 May 2005 13:44:22 +0300, Gadi Evron said:
> First, I don't really see why an attack should be estimated by the tool
> used. If a 10 years old exploit would work, why should an attacker look
> for and use a 0day? It's silly allocation of resources.
>
> Burrowing from that, if the attack is successful, and the loss is
> significant, I think the way there - although cute, is irrelevant except
> for the defender.
Actually, it *is* relevant for the "rest of us".
Given the number of boxen that got whacked, and the number of sites involved,
"the defender" *is* "the rest of us", and "we as an industry" obviously need
to get our collective act in gear. Remember -
*Your* boxes may be hardened beyond all belief and plausibility, but you're
*STILL* screwed if some teenaged kid on another continent has more effective
control of the router at the other end of your OC-48 than the NOC monkey you
call when things get wonky....
--==_Exmh_1115819266_6941P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFCgg0CcC3lWbTT17ARAluqAKC85Vfad6hiNH0o4fVDREk0oC4gPACeIsvk
C6AqV5E9PXYK8NcGFzOh44Y=
=HebO
-----END PGP SIGNATURE-----
--==_Exmh_1115819266_6941P--
