North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: My First Denial of Service Attack..... (fwd)

  • From: Eric Ziegast
  • Date: Mon Oct 07 04:48:43 1996

> > I think that there are appropriate (and possibly over-harsh depenidng
> 
> Shouldn't it be dependent on what type of money was lost during an 
> attack? Somewhat comparable to injury compensation?

Here's a non-relevant anecdote you reminded me of:

  I once worked one summer for a construction company that was
  extending a mass-transit train line northeast of Washington, D.C.
  The tracks of an existing rail line parallel to our new line
  was laid upon about 6' of small rocks.  Along those rocks for
  several yard/meters, a very thick metal-foil shielded cable
  jutted out from its rocky protection.

  I asked another crew member, "What's that?"

  "Oh, that's Sprint's fiber up the northeast corridor, " he replied.

  "It shouldn't be lying out there, should it?  What if I or someone
   else took a shovel to it?"

  The foreman commented, "We'd be sued for $100,000 for every 10 minutes
  the line was cut."

  Being good at math, I was awestruck, "That's 6 million dollars per
  hour!"

  "Yeah, you'd likely be fired before the rest of us would be laid off,"
   added our foreman.

It gave me new-found respect for loose cables and later for Wiltel's
gas pipe right-of-ways.

IMHO, I'd say it's up to an ISP to calculate how much an attack costs
them if they catch a hacker and then take them to trial.  You don't hear
of ISPs taking people to trial, though, just cutting off their access.
If hackers know that they'll be sued if they're caught, it might deter
them (from being caught at least ;^).

--
Eric Ziegast
- - - - - - - - - - - - - - - - -