Global Blackhole Service

Fri Feb 13 17:56:50 UTC 2009

Listen online to my favorite hip hop radio station http://www.Jellyradio.com

On Feb 13, 2009, at 9:35 AM, Paul Vixie <vixie at isc.org> wrote:

> blackholing victims is an interesting economics proposition.  you're  
> saying
> the attacker must always win but that they must not be allowed to  
> affect the
> infrastructure.  and you're saying victims will request this, since  
> they know
> they can't withstand the attack and don't want to be held  
> responsible for
> damage to the infrastructure.
>
> where you lose me is where "the attacker must always win".
>

Perhaps removing the challenge from the attacker will bore them and  
they lose interest?  However if an attackers goal is to put someone  
out of business, they will keep it up until the deed is done.

Identifying the attacker is important. They must be the one who is in  
trouble, not the victim.

We have seen attackers extorting customers for money with things like  
"100k wired to Nevis bank account or attack continues".

In any case I do not believe a victim should be responsible for  
infrastructure damage caused by some random criminal attacking them.   
While I understand that it's that customer receiving the attack; the  
providers must work with the customer to trace it back to the source.

A hacker who thinks the customer is on a security weak provider will  
return seeking your other customers.  However if the hacker feels you  
are security savvy then he may choose another target.  Everyone wins.

Also, rather than penalize the victim for damage, you could always  
unplug them to interdict the damage.

By going after the hacker, you could prosecute and perhaps gain some  
nice press/media about the strength of your orginization as a side  
dish to the satisfying meal of eating your enemy?