Information Security News mailing list archives

Re: UMass computer scientist offers a new way to track internet vandals


From: InfoSec News <isn () c4i org>
Date: Tue, 16 Apr 2002 02:29:07 -0500 (CDT)

Forwarded from: covert_one <covert_one () ziplip com>

It would seem that either ISPs or companies susceptible to DoS attacks
need to have a sysadmin on site 24/7 - better yet have a secsysadmin
on site (or remote location) to monitor and respond to 'inappropriate'
network activity. Someone with some training could recognize a DoS
attack and take action, block the IP, contact the ISP to shut it off.
 
Also, if ISPs WOULD make users liable for their attacks, whether they
did it or not, it would perhaps stop some users due to criminal/civil
liabilities. If a college or ISP were to be charged for their machines
participating in a DDoS attack, then they would take security more
seriously.

Laws and regulations could/should force people that put machines on
line to conform to certain specifications for security. Unpatched
servers could have the owner fined for not keeping their box secure.
But that's a non-existent department of the USG.

Just an idea

C0VERTl


-----Original Message-----
From: InfoSec News [mailto:isn () c4i org]
Sent: Saturday, April 13, 2002, 12:58 AM
To: isn () attrition org
Subject: Re: [ISN] UMass computer scientist offers a new way to track internet
 vandals 

Forwarded from: Russell Coker <russell () coker com au>

On Fri, 12 Apr 2002 10:02, you wrote:

become so overwhelmed with traffic that they crash. Micah Adler, an
assistant professor at the University of Massachusetts Department of
Computer Science, has developed a new technique for determining the
source of such an attack that requires only adding a single bit of
information to messages sent across the Internet.

Of course if everyone put filters on their edge routers that prevented
their customers from faking source IP addresses then it would be much
easier to identify the attacker, and would make it possible to filter
the attacks out (if the attack starts at 6PM local time for the
attacker then you have no chance of getting the local administrator to
do anything for more than 12 hours), core routers don't get filters,
so you must be able to filter what you receive.

Also big ISPs are very wary of making any changes to core routers.  
Getting them to replace the firmware with a new version that has a
major new feature such as this enabled will be next to impossible.

_::Quote of the Moment::_
   If you go through life trying to make everyone happy, you will not 
be happy

  _::Suggested Song of the Moment::_
    The Romantics "Rock You Up" and "What I like about you"
    Golden Earring "Radar Love"
    Beastie Boys "Sabotage"            
    Otis and the Kingsmen "Louie, Louie"
 
*** Rubi-Con 4 Hacking Convention is over***  Read about the people 
and events from C0VERTl's perspective
here:
 http://c0vertl.tripod.com/digital.htm 

     [[[[[[>-Contact C0VERTl-<]]]]]]

            AIM: C0VERT0NE
      Yahoo Messenger: C0VERTl
   Best Email: covert_one () ziplip com
   Feed Your Brain visit the Digital Nomad Website
   http://c0vertl.tripod.com/digital.htm
   [[[[[[[[[[[[[[[[[-]]]]]]]]]]]]]]]]]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

