Is there a line of defense against Distributed Reflective attacks?

• Previous message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Next message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 27 Jan 2003 15:53:07 EST, alex at yuriev.com said:

> The amazingly simple solution is to make it uneconomical for anyone to
> maintain unprotected network (for whatever two sets uneconomical and
> unprotected are). For example, have a machine that had been broken into and
> used to attack a company which lost $5M because of that attack, make whoever
> owns the machine was broken into pay $5M + attorney frees + punitive

So the guy who makes $25K a year and has a $400 PC in a single-wide finds
himself liable for $5M because Nimda jumped from his PC to some PC in a
large corporation, where it then goes on a large burn.

(a) How do you collect?

(b) What does the corporation do when the defense lawyer argues that it's
95% the corporation's fault for *letting* the trailer-trash PC do it?

Most corporate exec don't want to go there - they'd have to quantify that
they had $5M in damages, and then they'd have to explain to the shareholders
why their screw-up cost the share-holders $5M in lost profits/dividends.

It would be a Phyrric victory, at best...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030127/f865c233/attachment.sig>

• Previous message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Next message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]