DDoS attacks

Roeland Meyer rmeyer at mhsc.com
Sun Jul 15 17:00:40 UTC 2001

> From: Brad [mailto:brad at americanisp.net]
> Sent: Thursday, July 12, 2001 9:18 AM
> On Thu, 12 Jul 2001, Roeland Meyer wrote:
> > > From: up at 3.am [mailto:up at 3.am]
> > > Sent: Thursday, July 12, 2001 7:23 AM
> >
> > > I can't help but believe that if even 20% of them
> > > were caught and had to spend just a little time (even 
> hours) with the
> > > cops, and had their peecees confiscated, you'd not be seeing
> > > nearly the problems we are now.
> >
> > This is the main point, a script-kiddie hunt, with 
> prosecution, is the ONLY
> > real deterrent. Throw some of them in hotel greybar and 
> remove them from
> > computing, for life, and we may see some of this turn around.
> I am just concerned about our current legal systems being
> able to handle such cases efficently.  Well.. Perhaps I
> should not use 'legal systems' and 'efficently' in the same
> sentence, but you get the idea ;)

Think "Kaspureff" (AlterNIC). They went after, and nailed, him with gusto
and efficiency. I think that the largest problem is "selective prosecution".
A couple of years ago three MHSC servers were root-kitted via the BIND
interface. It took 18x7 man-hours to scrub and bare-metal recover, without
the suspect backups, those three servers. Even then, we couldn't jump the
FBI's $60K damages hurdle. Yet, Kaspureff, with a lot less provable damage,
got caught, grilled, and chilled.

For those that don't know, this case is the best and most well-known example
of [arguably] deliberate DNS cache poisoning on record. If you don't
remember it then you need not comment.

The point is that our legal systems can move with great alacrity, given
sufficient motivation.

More information about the NANOG mailing list