Nato warns of strike against cyber attackers

Joe Greco jgreco at ns.sol.net
Wed Jun 9 06:22:37 CDT 2010


> >Obviously NATO is not concerned with proving the culprit of an attack an
> >albeit close to impossibility. Considering that many attackers
> >compromise so many machines, what's to stop someone from instigating. I
> >can see it coming now:
> >
> >hping -S 62.128.58.180 -a 62.220.119.62 -p ++21 -w 6000
> >hping -S 62.220.119.62 -a 62.128.58.180 -p ++21 -w 6000
> 
> Let's try to separate the attacks into those that we (NANOG) have dealt with 
> and those that NATO are referring to - and there is *no* overlap between 
> the two.
> 
> Attacks such as botnets, hpings, compromised machines, DDOS attacks, site 
> defacements, prefix hijacks are what this list deals with, sometimes well 
> and other times not.
> 
> The attacks NATO is referring to are ones like causing trains to crash into 
> each other, attacks causing oil and gas pipelines to overload and explode, 
> attacks altering blood bank data, attacks poisoning the water supply, etc. 
> - all of which can be done remotely.
> 
> NATO is in no way (unless they have been out in the sun too long) condoning 
> an attack for a DDOS attack.  I think NATO is discussing attacking if 5,000 
> people die from some cyber attack as listed above (I have many more scenarios).

That's a great starting place, because most will agree that such attacks
would be sufficiently serious to warrant a response.

However,

1) What happens when the attack moves on down the scale, towards "a cyber
   attack that crippled vital military communication networks (but didn't
   kill anyone)", or "a cyber attack that crippled government websites
   (but was basically just a nuisance)"?

2) What happens when a decision is made to play tit for tat, and A attacks
   B, B misidentifies A as C, and B attacks C with cyber warfare?

"Cyber warfare" responses will almost certainly need to include DoS
capabilities.  This is troublesome.  Let's consider, for the sake of 
discussion, an attack by the US on Elbonia.  Everyone here knows how
the 'net works; Elbonia isn't going to allow the US military to run a
bunch of fiber to their border and hook up to their routers.  That
traffic will have to arrive via existing commercial connectivity. 
How exactly will that work?  How exactly will that impact the carriers
who are also running their normal traffic for other locations on the
same networks?  Some I've talked to seem to think that this is an
unlikely or even unthinkable situation, but let's be realistic:  if
you want to render an enemy's radio communication useless, you flood 
their radio spectrum, etc., and at some point, it's not unthinkable to
the average politician to expect to be able to do the same thing to a
network.

It's not unthinkable, alas.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.



