Abuse Departments

Andrew D Kirch trelane at trelane.net
Sun Oct 12 15:44:29 UTC 2003


Only if that script kiddie doesn't have a couple hundred DDoS drones, and most have quite a few more than that.  The probelm with these zombie networks is that they could be controlled from a 14.4 dialup and still knock out anything but the biggest infrastructure links on the internet. Active cooperation is needed from abuse departments for the victims of these attacks so that the compromised hosts are shut off quickly.

On Sun, 12 Oct 2003 10:33:18 -0500
"Bryan Heitman" <bryan at bryanheitman.com> wrote:

> 
> Would you perhaps have more underlying problems if a "script kiddie" on a
> dialup can attack you in such a way to impact your service?
> 
> Bryan
> ----- Original Message ----- 
> From: "Brian Bruns" <bruns at 2mbit.com>
> To: "Matthew S. Hallacy" <poptix at techmonkeys.org>; "Matt"
> <acheron at qwest.net>; <nanog at merit.edu>
> Sent: Sunday, October 12, 2003 10:20 AM
> Subject: Re: Abuse Departments
> 
> 
> >
> > ----- Original Message ----- 
> > From: "Matthew S. Hallacy" <poptix at techmonkeys.org>
> > To: "Matt" <acheron at qwest.net>; <nanog at merit.edu>
> > Sent: Sunday, October 12, 2003 3:18 AM
> > Subject: Re: Abuse Departments
> >
> >
> > > Most places will take care of abuse issues if they get to the right
> > person,
> > > but some places simply won't wake up their network admin at 11:00 on a
> > saturday
> > > night because some script kiddie's DSL is getting attacked by another
> > > script kiddie on IRC.
> > >
> >
> >
> > Watch yourself poptix - you don't have such a squeaky clean past either.
> >
> > Point is this.  If your network/servers are being used in an attack
> against
> > someone else, you can be held responsible if you do not act in a timely
> > manner.
> >
> > This "script kiddie's DSL" is actually a shared setup with several servers
> > on the end of it and a firewall.  What happens to it also affects me and
> my
> > customers.  When my customers go down, I get complaints.
> >
> > Now, if your network was attacking mine from a comprimised box, and you
> > failed to act in a timely fashion, regardless if its a DSL or a T1 or a
> > dialup for that matter, I'd either sue you myself for allowing the attack
> to
> > continue, or give my customers your info and let THEM sue you for it.
> >
> 
> 


-- 

Andrew D Kirch  |	    trelane at 2mbit.com            | 
Security Admin  |  Summit Open Source Development Group  | www.sosdg.org





More information about the NANOG mailing list