Firewall Wizards mailing list archives
Re: Castles and Security (fwd)
From: Crispin Cowan <crispin () wirex com>
Date: Wed, 03 Jan 2001 16:50:29 -0800
"Marcus J. Ranum" wrote:
Imagine if somewhere between 10% and 20% of the "hacker sites" were actually owned and operated by netcops. ... Further, imagine that a significant but undetermined percentage of the "hackers" out there are actually netcops. ... More importantly again we have the targeting problem: there would still be plenty of hacking activity going on, but it'd now be an FFZ they'd be operating in, rather than a sheltering environment in which information can be easily exchanged.
I don't buy that this is feasible. Much of what the bad guys exchange is: * vulnerability clues: lookit the buffer overflow in foo daemon * sploits: software that exploits vulnerabilities. In principle you can trojan it, but in practice the sploits are all source code, and netcopz distributing such copwarez would get outed really fast. I think it would turn into a really short-lived game of "spot the Fed". I very short order, the undercover netcopz would be well-known, and thus of little use. I.e. the FFZ analogy does not apply :-) Going a little deeper, the *reason* it does not apply is that you can only attack someone by sending them information if they have to trust the veracity of that information. If the recipient can indipendently verify that the info you sent was bogus, then not only does the attack not work, but you get tagged as an enemy. So in a nation-state warfare situation, mis-information works, because e.g. the Third Reich had a hard time verifying facts about internal ops in the UK. In the terrorist world, the bad guys can verify or debunk a lot of mis-information, so the tactic doesn't work so well. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Castles and Security (fwd), (continued)
- Re: Castles and Security (fwd) Talisker (Jan 02)
- Re: Castles and Security (fwd) Darren Reed (Jan 02)
- RE: Castles and Security (fwd) Jürgen Nieveler (Jan 02)
- RE: Castles and Security (fwd) twaszak (Jan 03)
- RE: Castles and Security (fwd) Marcus J. Ranum (Jan 03)
- Re: Castles and Security (fwd) Crist Clark (Jan 03)
- RE: Castles and Security (fwd) Marcus J. Ranum (Jan 03)
- Re: Castles and Security (fwd) Antonomasia (Jan 03)
- RE: Castles and Security (fwd) Stiennon,Richard (Jan 03)
- RE: Castles and Security (fwd) Security Related (Jan 03)
- RE: Castles and Security (fwd) Marcus J. Ranum (Jan 03)
- Re: Castles and Security (fwd) Crispin Cowan (Jan 03)
- RE: Castles and Security (fwd) Marcus J. Ranum (Jan 03)
- RE: Castles and Security (fwd) Lance Spitzner (Jan 03)
- Re: Castles and Security (fwd) Darren Reed (Jan 03)
- Re: Castles and Security (fwd) John McDermott (Jan 03)
- Re: Castles and Security (fwd) Darren Reed (Jan 03)
- Re: Castles and Security (fwd) M.Schubert (Jan 04)
- Re: Castles and Security (fwd) Darren Reed (Jan 03)
- Re: Castles and Security (fwd) Darren Reed (Jan 03)
- Re: Castles and Security Title Randy Grimshaw (Jan 04)
- RE: Castles and Security (fwd) daN. (Jan 03)
- RE: Castles and Security (fwd) Marcus J. Ranum (Jan 04)