Security Incidents mailing list archives

Re: DOS ATTACK


From: "Jay D. Dyson" <jdyson () treachery net>
Date: Wed, 30 Oct 2002 13:42:46 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 30 Oct 2002, Gary Flynn wrote: 

> I believe it says a lot about the sorry state of the Internet when all
> the suggestions to a crime of vandalism or harassment consist of
> technical measures and nobody has suggested law enforcement.

        With all due respect, have you ever tried to engage law
enforcement on matters involving the Internet?  If you have and you had a
positive experience, my hat is off to you.  As it stands, both I and
everyone I know who has attempted to bring LEAs to the table on such
issues have encountered an insurmountable wall of ignorance coupled with an
incomprehensible wall of silence.

        First off, local law enforcement can rarely find its butt with
both hands when any case involves the Internet.  Secondly, the FBI won't
touch a case that has less than $5,000 in damages (unless you're *REALLY*
well-connected politically).  So if you're staring down a DoS attack and
your systems spring back after the attack ends, you're going to have a
hard time convincing the local gumshoe that you have any loss to report.

> Are we all reduced to fiefdoms needing our own department of defense and
> without the protection of our legal system?

        I'm sorry, but the legal system doesn't "protect" anyone.  It only
allows for redress of grievances *after* the fact.  No law on the books
protects anybody's systems from attack; they only afford the victim one
avenue by which they can exact a pound of flesh from their attacker.  Of
course, that requires tracking down and catching the attacker red-handed
in the act.  I hate to break it to you, but the local cops aren't even
going to spend a coffee break mulling over that course of action.

        Again, this is all very different if you're a corporation with
deep pockets and political connections (such as Yahoo, eBay, the New York
Times, et al).

> Where else are such frequent crimes so nonchalantly expected and dealt
> with by the victim?

        In many cases.  That's why we have civil suits after the criminal
trials.  Contrary to popular opinion, law enforcement does not go out of
its way to champion anyone's right to life, liberty and the pursuit of
happiness.  They take the case, work it a few weeks, toss what they get to
a Grand Jury, turn it all over to the State, and walk away.  Period.

> I realize that law enforcement probably has more pressing problems
> needing its limited resources but this is getting pathetic.

        Getting pathetic?  Hell, it's been there for years.  We are now
nearing *FOURTEEN* years after the advent of the Morris Worm and people
still don't get the picture that their insecure systems are just so much
over-ripe fruit hanging low for any gimp with a script to pick off.

- -Jay

  (    (                                                          _______
  ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |    = |-'
 `--' `--'  `-------- Blackout, 2001.  Gray out, 2002. --------'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQE9wFJYTqL/+mXtpucRAvdMAJ9IY7iUYVsB2A3LfiqHKx1YrK8WxwCcCFqr
eXkuq3IzV07FwKXSbNnVgoM=
=AGWY
-----END PGP SIGNATURE-----

