North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: DDoS attacks
On Thu, 12 Jul 2001, Roeland Meyer wrote: > > From: [email protected] [mailto:[email protected]] > > Sent: Thursday, July 12, 2001 7:23 AM > > > I can't help but believe that if even 20% of them > > were caught and had to spend just a little time (even hours) with the > > cops, and had their peecees confiscated, you'd not be seeing > > nearly the problems we are now. > > This is the main point, a script-kiddie hunt, with prosecution, is the ONLY > real deterrent. Throw some of them in hotel greybar and remove them from > computing, for life, and we may see some of this turn around. I am just concerned about our current legal systems being able to handle such cases efficently. Well.. Perhaps I should not use 'legal systems' and 'efficently' in the same sentence, but you get the idea ;) Think SPAM here. It has been discussed in the past, and I have a few users who have been victims of SPAM-zombies (or the like). This is not too much different. I got abuse reports from several different sources about SPAM originating from a customer of ours who has been with us for four years so I questioned stuff. Turns out they had a similar zombie designed to SPAM. Their fault? No. Should I have placed filters on their IP? Yes. It was a choice to deny one person service till the problem was corrected for a short time, or to have the rest of the internet community suffer. Also- dealing with attackers from other countries (and taking them to court) can be a serious and costly issue. > If a lady wears skimpy clothing, does she deserve to get raped? Obviously, > not. If a computer has skimpy protection, does it deserve to be turned into > a zombie? Simply because you forget to lock your car one night (whilst in > your driveway), do you deserve to have it stolen? If you leave a $100 on > your kitchen table, in your unlocked house, whilst you are working in your > garage, do I have the right to sneak in the back door and take it while > avoiding prosecution, on the grounds that you were careless? WRT EFFnet, > does a prostitute deserve to be raped? Agreed. They do not deserve it. However, by the time their machine(s) are comprmised, the damage has been done. > There are certain reasonable presumptions, like safety, that our society > affords us. Script kiddies violate those as do the slime-bags that argue for > their good. How much of our budgets have gone to protecting ourselve from > those rodents? How much revenue has been lost because of their activity? > They are the rats of the Internet and bring disease with them whereever they > go. Their population is growing to plague proportions and they are getting > bolder. It's long past time to poison the lot of them, including their > supporters. I wish I had the $$ to take them all to court (even some of them in other countries). > Personally, I feel that the crud that writes and releases their code for > them should be lobotomized. Regardless of their disclaimers, they are NOT > doing a public good. In a perfect world, we would not need hardened-steel-reenforced safes for our money and 128-bit SSL encryption to make online orders. All of our efforts and attempts to bring order to a chaotic society will be tested again and again by members of that society. So- while I agree with your intentions- staying ahead of the game is probably the most efficent way to 'win'. Hence BugTraq and the like. Sure- posting code to bugtraq which gives remote root access to 10% of DNS servers on the planet also puts that code in the hands of individuals who do not deserve it. However, and even better-yet, it puts it in the hands of those who need it most. --- Brad Baker Director: Network Operations American ISP [email protected] +1 303 984 5700 x12 http://www.americanisp.net/
|