nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nato warns of strike against cyber attackers

From: Jorge Amodio <jmamodio () gmail com>
Date: Wed, 9 Jun 2010 07:21:38 -0500
On the other hand think as the Internet being a vast ocean where the
bad guys keep dumping garbage, you can't control or filter the
currents that are constantly changing and you neither can inspect
every water molecule, then what do you do to find and penalize the
ones that drop or permit their systems to drop garbage on the ocean ?


Bad analogy. There's some plumes of oil in the Gulf of Mexico that are
getting mapped out very well by only a few ships.  You don't have to
examine every molecule to find parts-per-million oil, or to figure out
who's oil rig the oil came from.


May be, but that is a particular case where you can exactly finger
point who made the mess and make him accountable and responsible to
cleaning it. But it's another example that shows that companies make
decisions based not on what is right or wrong to do but what is more
or less profitable to do within a risk management context.


And you don't need to look at every packet to find abusive traffic
either - in most cases, simply letting the rest of the net do the work
for you and just reading your abuse@ mailbox and actually dealing with
the reports is 95% of what's needed.


Agreed, but you still have no control about what happens on the other
side of the ocean, and if you don't provide a liability waiver to the
abuse@ guy they may have their hands tied by their legal department to
do anything.

I'll give you another bad analogy, for sure we need to keep an eye and
deal with transport and distribution, but the only way to eradicate
drugs (most unlikely because of the amount of $$$ it moves) is to go
after production and particularly consume, meanwhile the only thing
you can do is damage control and contention.

If it is still so freaking easy for the crocks to have a profitable
criminal biz on the net, they will find the workaround to keep making
money while its easy.

My point is, go hard after the crocks and fix the holes, things like
why the heck access to the power grid control systems are accessible
over the net from Hackertistan ? And if there is a real reason for it
to be on the net put the necessary amount of money and technology to
make it as secure as possible.

Regards
Jorge
Previous By Date Next
Previous By Thread Next

Current thread: