North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Is there a line of defense against Distributed Reflective attacks?
On Mon, 27 Jan 2003 15:53:07 EST, [email protected] said: > The amazingly simple solution is to make it uneconomical for anyone to > maintain unprotected network (for whatever two sets uneconomical and > unprotected are). For example, have a machine that had been broken into and > used to attack a company which lost $5M because of that attack, make whoever > owns the machine was broken into pay $5M + attorney frees + punitive So the guy who makes $25K a year and has a $400 PC in a single-wide finds himself liable for $5M because Nimda jumped from his PC to some PC in a large corporation, where it then goes on a large burn. (a) How do you collect? (b) What does the corporation do when the defense lawyer argues that it's 95% the corporation's fault for *letting* the trailer-trash PC do it? Most corporate exec don't want to go there - they'd have to quantify that they had $5M in damages, and then they'd have to explain to the shareholders why their screw-up cost the share-holders $5M in lost profits/dividends. It would be a Phyrric victory, at best... Attachment:
pgp00019.pgp
|