nanog mailing list archives

Re: Slate Podcast on Estonian DOS attack


From: ge () linuxbox org
Date: Fri, 1 Jun 2007 13:42:50 -0500


On Thu, May 24, 2007 at 09:25:54AM +0100, Alexander Harrowell wrote:
> On 5/23/07, ge () linuxbox org <ge () linuxbox org> wrote:
>
> > I just now got from a 6 hours beer fest with ISP/CERT/military/etc. guys
> > who have been working on these attacks on Estonian infrastructure for the
> > past 3 weeks here in Tallinn.. so if I make less sense than usual, please
> > forgive me. Beer good.
> >
> > Sitting with these folks for the past week, I got so impressed with the
> > abuse handling work they are doing that even I, who had a very negative
> > opinion of Estonia and cyber-crime, completely changed my mind.
> >
> > Their CERT is *extremely* responsive, their ISPs are all talking and
> > cooperating on abuse and security (and drinking beer). Things are very
> > different from what they were even just a year ago. Even their Police
> > force is clued.
> >
> > If anyone has issues in Estonia, I'd strongly urge you to contact the
> > Estonian CERT at www.cert.ee, and you most likely won't get
> > disappointed. A lot of good people over here.
> >
> >        Gadi.
>
> How serious was the attack really? The national press reporting was
> either nonexistent or hysterical (Cyberwar! Woo!), but it didn't
> disturb anyone to post to NANOG at any point, and it does not seem to
> have had any measurable real-world consequences.
>
> Was this because a) it wasn't really that serious, b) it was serious
> but mitigation was successful, or c) being well-mitigated (BCP38 and
> the like) from the word go, its seriousness or otherwise wasn't
> obvious?

A lot of people had information to share and emotions to get out of the
way; I sent my reply off-list. Also, it was really not my place to
reply on this - with all the work done by the Estonians, my
contributions were secondary. My discussions with Mr. Harrowell are
public on his blog. Information from Bill Woodcock was also sound.

As to what actually happened over there, more information should become
available soon and I will send it here. I keep getting stuck when trying
to write the post-mortem and attack/defense analysis as I keep hitting a
stone wall I did not expect: strategy. Suggestions for the future are
also a part of that document, so I will speed it up with a more
down-to-Earth technical analysis (which is what I promised CERT-EE).

In the past I've been able to consider information warfare as a part of
a larger strategy, utilizing it as a weapon. I was able to think of
impact and tools, not to mention (mostly) disconnected attacks and
defenses.

I keep seeing strategy for the use IN information warfare battles as I
write this document on what happened in Estonia, and I believe I need
more time to explore this against my previous take on the issue, as
well as take a look at some classics such as Clausewitz, as posh as
it may sound.

Thanks,

        Gadi.

