nanog mailing list archives

RE: Cutting to the chase (was RE: ABOVE.NET SECURITY TRUTHS?)


From: Travis Pugh <tpugh () shore net>
Date: Sat, 29 Apr 2000 09:27:39 -0400 (EDT)


On Fri, 28 Apr 2000, Paul Ferguson wrote:


Now that this topic has been brought up, I have a question
to the list in general.

I have suggested to Susan Harris (who does a FANTASTIC job
of putting the NANOG meeting agenda together) that it might
be interesting to have a panel session at the Albuquerque
NANOG consisting of several folks (including popular trade
press journalists) to discuss the "damage factor" in
disinformation.

I have personally been appalled at the lack of accuracy in
the more recent reports of service provider outages that have
been erroneously reported as being due to "hacker attacks" or
DoS attacks.

The AboveNet report I saw on Computerworld:
http://www.computerworld.com/home/print.nsf/(frames)/000427D962?OpenDocument&~f

Says the FBI is looking for a DoS attacker, calls the incident a DoS
attack, and generally leaves no room for the uneducated reader to
understand that their ISP is not in imminent danger of being blown off the
'net by a copycat ... DESPITE a variety of concise, easily understandable
quotes from Paul Vixie which dismiss this possibility.  


This has led to excessive fear-mongering & FUD, and tends to
reduce the confidence in the service provider community, and
in my humble opinion, needs to be addressed.

What does the list, in general, think about this proposal?

If we were to educate the press, it would require something closer to
full disclosure in the event of an incident on any of our
networks.  Reporters aren't going to pay any attention to what is
discussed at a panel at NANOG if the next incident doesn't include enough
information that they don't have to speculate wildly about the cause.  Any
decent reporter is not going to be happy with an intentionally-vague press
release from the PR department, and they will print incorrect information
rather than nothing at all.

AboveNet should be thanked for their response to this incident
... and if we all responded the same way it would be possible to get
accurate information in trade rags.  There is a price to pay for
full-disclosure, however, since it tends to *really* piss off PR and
corporate managers.



Thanks,

- paul


-travis



