[lug] DOS attack

[D. Stimits]

"Scott A. Herod" wrote:
> 
> Hello,
> 
> Speaking of DOS attacks, in one of the articles about the recent
> MS attack it was suggested that people whose machines are hijacked
> and then used for DDoS attacks should be held liable for damages.
> 
> <http://www.cnn.com/2001/TECH/computing/01/29/security.hackers.reut/index.html>
> ( last couple of paragraphs )
> 
> I find that idea a bit disconcerting but it is somewhat like regulations
> requiring you to keep firearms locked up in your home.  ( Of course
> getting
> a gun safe is a lot easier than trying to figure out how to set up and
> maintain
> an ipchains firewall. )

I'd have mixed feelings about that. On the one hand, it is easy to not
leave your keys in the car, but the technology isn't sufficient yet for
most non-computer types to avoid intelligent attacks (and even some
scripts are semi-intelligent). I would agree that someone who doesn't
use passwords should be considered for a fine, or someone who is found
to be part of a DOS hijacked machine who fails to at least make an
effort to reinstall some of the basics could be negligent. As to
anything else, it becomes punishing the victim...there is way too much
of that attitude these days, many people are incredibly eager to make
bad decisions for other people if it makes their own lives easier. The
thing that makes the article interesting is that it says it is for
people who are repeatedly hijacked, and not just the average hijacking
of machine. The part about making ISP's responsible for trying to stop
retransmission of packets identified as part of the problem seems a good
one, but then the comment about how hard it is to identify the right
packets is also true. I would suggest it is a very good idea to require
ISP's to have some minimal ability to firewall or filter so that they
could cooperate with others during a DOS attack, assuming someone can
provide them with information on what to block (i.e., it wouldn't be up
to the ISP to install so much hardware and software that they could
unilaterally decide where the problem is...it would be a distributed
effort). What I think would be a nice idea is that if an ISP finds that
it was used by a machine they directly provide service for is DOS
attacker (hijacked or otherwise), there should be some mandatory
reporting of it, along with the evidence.

> 
> Scott
> 
> "D. Stimits" wrote:
> >
> > My ISP (idcomm.com) was under a DOS attack all day today, I couldn't
> > believe how long it has taken to restore service. Some of the dialup
> > numbers are still unable to function. I'm wondering if anyone else got
> > hit today? I keep hoping to hear about someone getting traced to it, and
> > thrown in jail.
> >
> > D. Stimits, stimits at idcomm.com