Firewall Wizards mailing list archives

Re: Castles and Security (fwd)


From: Crispin Cowan <crispin () wirex com>
Date: Wed, 03 Jan 2001 16:50:29 -0800

"Marcus J. Ranum" wrote:

> Imagine if somewhere between 10% and 20% of the "hacker sites" were
> actually owned and operated by netcops. ... Further, imagine that a
> significant but undetermined percentage of the "hackers" out there are
> actually netcops. ... More importantly again we have the targeting
> problem: there would still be plenty of hacking activity going on, but
> it'd now be an FFZ they'd be operating in, rather than a sheltering
> environment in which information can be easily exchanged.

I don't buy that this is feasible.  Much of what the bad guys exchange is:

   * vulnerability clues:  lookit the buffer overflow in foo daemon
   * sploits:  software that exploits vulnerabilities.  In principle you can trojan it, but in practice the sploits are all source code, and netcopz distributing such copwarez would get outed really fast.

I think it would turn into a really short-lived game of "spot the Fed".  In very short order, the undercover netcopz would be well-known, and thus of little use.

I.e. the FFZ analogy does not apply :-)

Going a little deeper, the *reason* it does not apply is that you can only attack someone by sending them information if they have to trust the veracity of that information.  If the recipient can independently verify that the info you sent was bogus, then not only does the attack not work, but you get tagged as an enemy.

So in a nation-state warfare situation, mis-information works, because e.g. the Third Reich had a hard time verifying facts about internal ops in the UK.  In the terrorist world, the bad guys can verify or debunk a lot of mis-information, so the tactic doesn't work so well.

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org




_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

