Is there a line of defense against Distributed Reflective attacks?
E.B. Dreger
eddy+public+spam at noc.everquick.net
Tue Jan 28 00:16:45 UTC 2003
JB> Date: Mon, 27 Jan 2003 15:19:25 -0600
JB> From: Jack Bates
JB> So, if I'm reading this right, user of Vendor L doesn't like
JB> Vendor M. Instead of attacking Vendor M's software, the user
JB> just needs to make sure Vendor M's corporate servers get
JB> infected and cause enough damage to run Vendor M into
JB> bankruptcy from the resulting law suits?
Hey! Sounds almost like ILEC/CLEC business, dumb patents, et
cetera! (Not that I agree with that... not by a longshot...
but that's a real risk.)
JB> What about the small mom and pop shop? Will you watch as an
JB> old family business is run into the ground because someone
JB> didn't advise them properly on handling security? There is
JB> such a thing as making penalties too stiff. Many good
JB> businesses would be afraid to participate. Oh, wait. Never
JB> mind. They'd have Internet Vulnerability insurance.
Perhaps IVI is a worthy idea. Misconfigured computers certainly
have the potential to cause damages. "We can't afford to do it
right" is a poor excuse. Hiring an expert for a few hours is
much cheaper than than damage one can cause.
I heard a saying that, "If a business can't afford infrastructure
such as accounting, legal, et cetera, it's not a business -- it's
a hobby."
Who should bear the brunt of the damage inflicted by others? I
don't want to see people slinging ridiculous lawsuits (fast food
causes obesity! whoulda thunk?), but I can think of several
businesses that are willfully negligent when it comes to
security. Should they go unpunished?
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist at brics.com>, or you are likely to
be blocked.
More information about the NANOG
mailing list