nanog mailing list archives

Re: Is there a line of defense against Distributed Reflective attacks?

From: Valdis.Kletnieks () vt edu
Date: Mon, 27 Jan 2003 16:20:54 -0500

On Mon, 27 Jan 2003 15:53:07 EST, alex () yuriev com said:

The amazingly simple solution is to make it uneconomical for anyone to
maintain unprotected network (for whatever two sets uneconomical and
unprotected are). For example, have a machine that had been broken into and
used to attack a company which lost $5M because of that attack, make whoever
owns the machine was broken into pay $5M + attorney frees + punitive


So the guy who makes $25K a year and has a $400 PC in a single-wide finds
himself liable for $5M because Nimda jumped from his PC to some PC in a
large corporation, where it then goes on a large burn.

(a) How do you collect?

(b) What does the corporation do when the defense lawyer argues that it's
95% the corporation's fault for *letting* the trailer-trash PC do it?

Most corporate exec don't want to go there - they'd have to quantify that
they had $5M in damages, and then they'd have to explain to the shareholders
why their screw-up cost the share-holders $5M in lost profits/dividends.

It would be a Phyrric victory, at best...

Attachment: _bin
Description:

Current thread:

Re: Is there a line of defense against Distributed Reflective attacks?, (continued)
- - - Re: Is there a line of defense against Distributed Reflective attacks? Hank Nussbacher (Jan 16)
    - Re: Is there a line of defense against Distributed Reflective attacks? Sean Donelan (Jan 17)
    - Re: Is there a line of defense against Distributed Reflective attacks? Vadim Antonov (Jan 17)
    - Re: Is there a line of defense against Distributed Reflective attacks? Richard Irving (Jan 17)
    - Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 17)
    - Re: Is there a line of defense against Distributed Reflective attacks? alex (Jan 23)
    - Re: Is there a line of defense against Distributed Reflective attacks? Michael Lamoureux (Jan 23)
    - Re: Is there a line of defense against Distributed Reflective attacks? alex (Jan 27)
    - Re: Is there a line of defense against Distributed Reflective attacks? Jack Bates (Jan 27)
    - Re: Is there a line of defense against Distributed Reflective attacks? E.B. Dreger (Jan 27)
    - Re: Is there a line of defense against Distributed Reflective attacks? Valdis . Kletnieks (Jan 27)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
  - Re: Is there a line of defense against Distributed Reflective attacks? Brad Laue (Jan 16)
    - Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
    - Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
    - Re: Is there a line of defense against Distributed Reflective attacks? Valdis . Kletnieks (Jan 16)
  - Re: Is there a line of defense against Distributed Reflective attacks? alex (Jan 23)
- Re: Is there a line of defense against Distributed Reflective attacks? David G. Andersen (Jan 16)
  - Re: Is there a line of defense against Distributed Reflective attacks? David G. Andersen (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? John Kristoff (Jan 17)
  - Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 17)

(Thread continues...)