North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Government scrutiny is headed our way
On Tue, Jun 16, 1998 at 10:44:47AM -0700, Michael Dillon wrote: > > Government scrutiny is headed our way > http://www.fcw.com/pubs/fcw/1998/0615/fcw-frontcyber-6-15-1998.html > > The feds are worried that it is too hard to track down cyber attackers. > Although the article doesn't say this explicitly I expect that it won't be > long before we see politicians calling for some sort of mandated tracing > capabilities between network providers > > And since IOPS http://www.iops.org/ is hosted by a government funded > agency located on the outskirts of DC, I expect that it will be involved > in this whole thing. > > If we could track attacks to their source more quickly, then government > would not feel the need to intervene. This may require some changes to > router software but unless network operators ask for the changes, the > manufacturers will not do it. > > We need some sort of protocol that will recursively track spoofed source > address packets back to their source one hop at a time. Given a > destination address the protocol would track it to the previous hop router > and recurively initiate the same tracking procedure on that router. Once > the attack is tracked to the source, the probe would unroll and report the > results to all routers along the probe path for logging or reporting. > > We have seen that when misconfigured equipment can be quickly identified, > such as the smurf amplifiers, then we can apply pressure and get things > fixed. Similarly if we can quickly identify the source of a spoofed source > address attack then we can apply pressure to get filters in place and have > people arrested or secure an insecure machine as the case may be. > > -- > Michael Dillon - Internet & ISP Consulting > Memra Communications Inc. - E-mail: [email protected] > http://www.memra.com - *check out the new name & new website* It is about goddamn time, and I hope the government DOES get involved. Try calling ANY of the major NOCs to get a smurf traced. Good luck. I have yet to have even attacks going on for more than an hour successfully traced back to their source. -- -- Karl Denninger ([email protected])| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV | NEW! Corporate ISDN Prices dropped by up to 50%! Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
|