A modest proposal

Robert E. Seastrom rs at bifrost.seastrom.com
Tue Sep 17 23:53:54 UTC 1996


   From: Allan Chong <allan at bellsouth.net>

   Yes, I realize no one is launching directly from dialup, but often, 
   the user is someone originally dialed up and telneted to some box 
   (or through multiple boxes).  
   Tracking the attack back to the compromised machine quickly is worth it
   in my opinion.   Pervasive accounting would at least allow one to
   systematically track back step by step to the origination.

No, pervasive accounting would only allow you to strengthen your
position once you arrived at a conclusion.  It does not in any way
offer help in arriving at that conclusion.

   Even then
   it might be a university cluster (MIT used to give out the root
   passwords to workstations since everything was kerberized), but
   the cognoscenti at the university can often take care of the problem
   given the motivation.  Right now the problem seems to be that the
   attack is totally anonymous and the methodology for tracking back to
   the source is involved.

Not likely to be a university cluster in my experience...  some local
pranks may be launched from university clusters.  Dorm rooms and
personal boxes, OTOH, seem to be a favorite for the past couple of
years; expect that one to get worse.  But yes, the problem is finding
out who the perp is, not proving who the actual offender was once
you've narrowed yourself down to half a dozen possibilities and
enlisted the cooperation of their local sysadmin.

In any event, once again I exhort everyone to not waste their time
filtering the dialups.  Filter your customers, filter your own
networks; if you incidentally get most of your dialup servers covered
by that umbrella, fine.  If not, don't lose too much sleep over it --
if you don't believe me, just config up a linux box with the code of
your choice, and try to SYNflood someone over a dialup.

   Hmmmm.  If I were a hacker, I would be doing my best to make sure that
   my route to the victim was taking a path through as many foreign
   speaking networks as possible.  You'd have to speak Swahili and 
   Cantonese :)

Not worth the trouble.  The far ends of the earth where not even the
network admins speak English are on the ends of wet strings; it isn't
worth the aggravation to telnet through them, and launching a
source-routed SYN flood through them would be self-defeating.

                                        ---Rob
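The operational advice in Rob's reply is to filter source addresses where you know who the customer is (the customer-facing interface), rather than chasing individual dialup ports, and he notes that a dialup link cannot carry enough packets for a SYN flood to matter. As an added illustration, not part of Rob's post or anything from the NANOG thread, the block below implements such a per-interface source-address check over a handful of constructed packets and computes the packet-rate ceiling of a modem link. The interface names (serial0, serial1) and the prefixes (RFC 5737 documentation ranges) are hypothetical; the rate bound ignores PPP/SLIP framing, so real links carry even fewer packets.

```python
import ipaddress

# Constructed table of which source prefixes are legitimate on each
# customer-facing interface.  Interface names and prefixes are hypothetical.
CUSTOMER_PREFIXES = {
    "serial0": [ipaddress.ip_network("192.0.2.0/24")],
    "serial1": [ipaddress.ip_network("198.51.100.0/25"),
                ipaddress.ip_network("198.51.100.128/26")],
}


def is_spoofed(ingress_if, src):
    """True if src is not an address assigned to the customer on ingress_if.

    Only customer-facing interfaces are in the table; asking about any other
    interface raises KeyError, since this kind of filter does not belong on a
    transit link where the legitimate source set is essentially everything.
    """
    allowed = CUSTOMER_PREFIXES[ingress_if]
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in allowed)


def filter_packets(packets):
    """Split (ingress_if, src, dst, tcp_flags) tuples into passed and dropped.

    A packet is dropped when its source address could not legitimately have
    originated behind the interface it arrived on.
    """
    passed, dropped = [], []
    for pkt in packets:
        ingress_if, src, _dst, _flags = pkt
        (dropped if is_spoofed(ingress_if, src) else passed).append(pkt)
    return {"passed": passed, "dropped": dropped}


def max_syn_rate(link_bps, pkt_bytes=40):
    """Upper bound on packets per second a link can carry.

    40 bytes is a minimal IPv4 header plus a minimal TCP header (a SYN with no
    options).  Link-layer framing is ignored, so this overestimates slightly.
    """
    return link_bps / (pkt_bytes * 8)


# Constructed sample traffic: all SYNs toward the same target (203.0.113.5).
SAMPLE_PACKETS = [
    ("serial0", "192.0.2.10", "203.0.113.5", "S"),       # legitimate customer source
    ("serial0", "10.0.0.1", "203.0.113.5", "S"),         # RFC 1918 source: spoofed
    ("serial1", "198.51.100.150", "203.0.113.5", "S"),   # inside the assigned /26
    ("serial1", "198.51.100.200", "203.0.113.5", "S"),   # customer's /24, unassigned block
    ("serial1", "203.0.113.9", "203.0.113.5", "S"),      # claims to be the target's own net
]

if __name__ == "__main__":
    result = filter_packets(SAMPLE_PACKETS)
    print("passed:", len(result["passed"]), "dropped:", len(result["dropped"]))
    for link_name, bps in (("14.4k modem", 14400), ("28.8k modem", 28800), ("T1", 1544000)):
        print(f"{link_name}: at most {max_syn_rate(bps):.0f} minimal SYNs/s")
```

The dropped list includes 198.51.100.200 even though it sits in the customer's /24: the table lists only the blocks actually assigned on serial1, so a source in the unassigned remainder is treated exactly like any other spoofed address. The rate function makes Rob's dialup point concrete: a 28.8k modem moves at most about 90 minimal SYNs per second, two orders of magnitude below a T1.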


More information about the NANOG mailing list