North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Is there a line of defense against Distributed Reflective attacks?

  • From: E.B. Dreger
  • Date: Mon Jan 27 19:19:43 2003

JB> Date: Mon, 27 Jan 2003 15:19:25 -0600
JB> From: Jack Bates


JB> So, if I'm reading this right, user of Vendor L doesn't like
JB> Vendor M.  Instead of attacking Vendor M's software, the user
JB> just needs to make sure Vendor M's corporate servers get
JB> infected and cause enough damage to run Vendor M into
JB> bankruptcy from the resulting law suits?

Hey!  Sounds almost like ILEC/CLEC business, dumb patents, et
cetera!  (Not that I agree with that... not by a longshot...
but that's a real risk.)


JB> What about the small mom and pop shop? Will you watch as an
JB> old family business is run into the ground because someone
JB> didn't advise them properly on handling security? There is
JB> such a thing as making penalties too stiff.  Many good
JB> businesses would be afraid to participate. Oh, wait. Never
JB> mind. They'd have Internet Vulnerability insurance.

Perhaps IVI is a worthy idea.  Misconfigured computers certainly
have the potential to cause damages.  "We can't afford to do it
right" is a poor excuse.  Hiring an expert for a few hours is
much cheaper than than damage one can cause.

I heard a saying that, "If a business can't afford infrastructure
such as accounting, legal, et cetera, it's not a business -- it's
a hobby."

Who should bear the brunt of the damage inflicted by others?  I
don't want to see people slinging ridiculous lawsuits (fast food
causes obesity! whoulda thunk?), but I can think of several
businesses that are willfully negligent when it comes to
security.  Should they go unpunished?


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <[email protected]>
To: [email protected]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <[email protected]>, or you are likely to
be blocked.