QODS ec

Saturday, June 19, 2004

OT: [Full-Disclosure] Akamai

Niek Baakman
to full-disclosure
Jun 15 (4 days ago)
Hi list,

akamai disappeared from the internet about an hour ago.
(all their dns servers are dead, hence many companies that
use akamai are unreachable: microsoft.com/liveupdate.symantec.com
apple/some search engines)

Does anyone know if it is security-related (ddos, something else).

Regards,

Niek

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________


Chris Carlson
to Niek, full-disclosure
Jun 15 (4 days ago)
I've just been told that it was a DoS. No details.


> -----Original Message-----
> From: full-disclosure-admin[ at ]lists.netsys.com
> [mailto:full-disclosure-admin[ at ]lists.netsys.com] On Behalf Of
> Niek Baakman
> Sent: Tuesday, June 15, 2004 09:58
> To: full-disclosure[ at ]lists.netsys.com
> Subject: [Full-Disclosure] Akamai
>
> Hi list,
>
> akamai disappeared from the internet about an hour ago.
> (all their dns servers are dead, hence many companies that
> use akamai are unreachable: microsoft.com/liveupdate.symantec.com
> apple/some search engines)
>
> Does anyone know if it is security-related (ddos, something else).
>
> Regards,
>
> Niek

_______________________________________Chris


james edwards
to full-disclosure
Jun 15 (4 days ago)
> I've just been told that it was a DoS. No details.

Unlikely, Akamai is an overlay network & the root content node is not
reachable. Akamai can in real time spread web traffic throughout their
global network of servers, diluting a DoS to the point it is not
significant. It is more likely that the complexity of the overlay network
was the cause. Last week it was a DNS issue and it seemed much the same
this week. Provided you know the IPs of the content servers you would
find they were still up. At least that was what I was seeing.

Here is some info on Overlay Networks:
http://nms.lcs.mit.edu/ron/
http://nms.lcs.mit.edu/ron/#papers

Dr. Anderson's "Mayday: Distributed Filtering for Internet Services"
is quite interesting.
http://nms.lcs.mit.edu/papers/mayday-usits2003/paper.html

--
James H. Edwards
Routing and Security Administrator
At the Santa Fe Office: Internet at Cyber Mesa
jamesh[ at ]cybermesa.com
noc[ at ]cybermesa.com
(505) 795-7101



_______________________________________james


Brent Colflesh
to full-disclosure
Jun 15 (4 days ago)
"Young called it a "large scale, international attack on Internet
infrastructure." However, there was no evidence that non-Akamai
infrastructure was affected."

http://apnews.excite.com/article/20040615/D837KIU00.html

Regards,
Brent


-----Original Message-----
From: full-disclosure-admin[ at ]lists.netsys.com
[mailto:full-disclosure-admin[ at ]lists.netsys.com]On Behalf Of james
edwards
Sent: Tuesday, June 15, 2004 4:45 PM
To: full-disclosure[ at ]lists.netsys.com
Subject: Re: [Full-Disclosure] Akamai

> I've just been told that it was a DoS. No details.

Unlikely, Akamai is an overlay network & the root content node is not
reachable. Akamai can in real time spread web traffic throughout their
global network of servers, diluting a DoS to the point it is not
significant. It is more likely that the complexity of the overlay network
was the cause. Last week it was a DNS issue and it seemed much the same
this week. Provided you know the IPs of the content servers you would
find they were still up. At least that was what I was seeing.

Here is some info on Overlay Networks:
http://nms.lcs.mit.edu/ron/
http://nms.lcs.mit.edu/ron/#papers

Dr. Anderson's "Mayday: Distributed Filtering for Internet Services"
is quite interesting.
http://nms.lcs.mit.edu/papers/mayday-usits2003/paper.html

--
James H. Edwards
Routing and Security Administrator
At the Santa Fe Office: Internet at Cyber Mesa
jamesh[ at ]cybermesa.com
noc[ at ]cybermesa.com
(505) 795-7101


_______________________________________Brent


Chris Carlson
to james, full-disclosure
Jun 15 (4 days ago)
http://www.washingtonpost.com/wp-dyn/articles/A43635-2004Jun15.html

Need to register, but it's no hassle.
I'd mirror to my server, but copyright blah blah blah.

Anyone have any more info?


> -----Original Message-----
> From: full-disclosure-admin[ at ]lists.netsys.com
> [mailto:full-disclosure-admin[ at ]lists.netsys.com] On Behalf Of
> james edwards
> Sent: Tuesday, June 15, 2004 16:45
> To: full-disclosure[ at ]lists.netsys.com
> Subject: Re: [Full-Disclosure] Akamai
>
> > I've just been told that it was a DoS. No details.
>
> Unlikely, Akamai is an overlay network & the root content
> node is not reachable.
> Akamai can in real time spread web traffic throughout their
> global network of servers, diluting a DoS to the point it is
> not significant. It is more likely that the complexity of the
> overlay network was the cause. Last week it was a DNS issue
> and it seemed much the same this week. Provided you know the
> IPs of the content servers you would find they were still
> up. At least that was what I was seeing.
>
> Here is some info on Overlay Networks:
> http://nms.lcs.mit.edu/ron/
> http://nms.lcs.mit.edu/ron/#papers
>
> Dr. Anderson's "Mayday: Distributed Filtering for Internet Services"
> is quite interesting.
> http://nms.lcs.mit.edu/papers/mayday-usits2003/paper.html
>
> --
> James H. Edwards
> Routing and Security Administrator
> At the Santa Fe Office: Internet at Cyber Mesa
> jamesh[ at ]cybermesa.com noc[ at ]cybermesa.com
> (505) 795-7101

_______________________________________Chris


james edwards
to full-disclosure
Jun 15 (4 days ago)
Akamai is saying their DNS continued to work.

http://www.theregister.co.uk/2004/06/15/akamai_goes_postal/

Akamai has got back to us to explain that the problem stemmed from what a
spokesman called a "large scale international attack on the Internet's
infrastructure". Akamai said the attack was primarily aimed at the large
search engines - of which it runs the three largest, Yahoo!, Google and
Lycos - which meant that people were unable to access the sites.

The spokesman denied however that it was an outage and ****said that the
Akamai name service continued to function throughout the attack**** which
ended around two hours later.




_______________________________________james


Ben Nelson
to full-disclosure
Jun 15 (4 days ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Keep in mind that the term 'DOS' doesn't necessarily mean 'flood of
traffic'. A denial of service is just that......a _denial of service_
by any means, and I'd say that there was definitely some service being
denied. Don't think so?.....ask Google or Yahoo.

- --Ben

james edwards wrote:
|>I've just been told that it was a DoS. No details.
|
|
| Unlikely, Akamai is an overlay network & the root content node is not
| reachable. Akamai can in real time spread web traffic throughout their
| global network of servers, diluting a DoS to the point it is not
| significant. It is more likely that the complexity of the overlay network
| was the cause. Last week it was a DNS issue and it seemed much the same
| this week. Provided you know the IPs of the content servers you would
| find they were still up. At least that was what I was seeing.
|
| Here is some info on Overlay Networks:
| http://nms.lcs.mit.edu/ron/
| http://nms.lcs.mit.edu/ron/#papers
|
| Dr. Anderson's "Mayday: Distributed Filtering for Internet Services"
| is quite interesting.
| http://nms.lcs.mit.edu/papers/mayday-usits2003/paper.html
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAz2293cL8qXKvzcwRAljLAJ9cRyIW3pK0pGgjwVjkO8RXhztMwwCg8ql6
hqZiM20cOQ6cdosafHeexic=
=YmGu
-----END PGP SIGNATURE-----



_______________________________________Ben


scosol[ at ]scosol.org
to james, full-disclosure
Jun 15 (4 days ago)
james edwards wrote:
>>I've just been told that it was a DoS. No details.
>
>
> Unlikely, Akamai is an overlay network & the root content node is not
> reachable. Akamai can in real time spread web traffic throughout their
> global network of servers, diluting a DoS to the point it is not
> significant. It is more likely that the complexity of the overlay network
> was the cause. Last week it was a DNS issue and it seemed much the same
> this week.

I don't think so- yeah a DOS against the content nodes isn't gonna do
much but a DOS against their nameservers is fully workable.

--
"jupiter accepts your offer"
AIM: IMFDUP
http://www.scosol.org/



_______________________________________scosol[ at ]scosol.org


james edwards
to full-disclosure
Jun 15 (4 days ago)
> "Young called it a "large scale, international attack on Internet
> infrastructure." However, there was no evidence that non-Akamai
> infrastructure was affected."
>
> http://apnews.excite.com/article/20040615/D837KIU00.html
>
> Regards,
> Brent


With an attack of this indicated size, there are always choke points
just prior to the DoS traffic hitting the intended hosts. These choke points
tend to be NAPs or IXes. The real harm gets done at these points, where
the DoS converges. So far no one has spoken up on NANOG with issues
at NAPs or IXes. With the last big DDoS of the DNS roots, the roots never
went down; it was the access points just prior to the root that took the
beating. I had no problems with any east or west coast NAPs or IXes this
morning, nor were any problems reported on NANOG.


james



_______________________________________james


james edwards
to full-disclosure
Jun 15 (4 days ago)

>
> I don't think so- yeah a DOS against the content nodes isn't gonna do
> much but a DOS against their nameservers is fully workable.

Akamai seems to be saying the NS was functioning:


The spokesman denied however that it was an outage and ****said that the
Akamai name service continued to function throughout the attack**** which
ended around two hours later.


_______________________________________james


james edwards
to full-disclosure
Jun 15 (4 days ago)
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Keep in mind that the term 'DOS' doesn't necessarily mean 'flood of
> traffic'. A denial of service is just that......a _denial of service_
> by any means, and I'd say that there was definitely some service being
> denied. Don't think so?.....ask Google or Yahoo.
>
> - --Ben


Actually I did not say this part:

>
> james edwards wrote:
> |>I've just been told that it was a DoS. No details.

I would agree that a DoS can be many things. But if you are able to read for
context it is clear the below is speaking of a DoS in the flood of traffic
context.

This part is me:



> |
> |
> | Unlikely, Akamai is an overlay network & the root content node is not
> | reachable. Akamai can in real time spread web traffic throughout their
> | global network of servers, diluting a DoS to the point it is not
> | significant. It is more likely that the complexity of the overlay network
> | was the cause. Last week it was a DNS issue and it seemed much the same
> | this week. Provided you know the IPs of the content servers you would
> | find they were still up. At least that was what I was seeing.
> |
> | Here is some info on Overlay Networks:
> | http://nms.lcs.mit.edu/ron/
> | http://nms.lcs.mit.edu/ron/#papers
> |
> | Dr. Anderson's "Mayday: Distributed Filtering for Internet Services"
> | is quite interesting.
> | http://nms.lcs.mit.edu/papers/mayday-usits2003/paper.html
> |
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFAz2293cL8qXKvzcwRAljLAJ9cRyIW3pK0pGgjwVjkO8RXhztMwwCg8ql6
> hqZiM20cOQ6cdosafHeexic=
> =YmGu
> -----END PGP SIGNATURE-----
>

_______________________________________james


Bob Beringer
to full-disclosure
Jun 15 (4 days ago)
All,

Just found this site: http://bugmenot.com/
It will help you bypass registration, if you would like :-)

v/r
Bob Beringer


"Chris Carlson" <chris[ at ]compucounts.com> wrote:

http://www.washingtonpost.com/wp-dyn/articles/A43635-2004Jun15.html

Need to register, but it's no hassle.
I'd mirror to my server, but copyright blah blah blah.

Anyone have any more info?

> -----Original Message-----
> From: full-disclosure-admin[ at ]lists.netsys.com
> [mailto:full-disclosure-admin[ at ]lists.netsys.com] On Behalf Of
> james edwards
> Sent: Tuesday, June 15, 2004 16:45
> To: full-disclosure[ at ]lists.netsys.com
> Subject: Re: [Full-Disclosure] Akamai
>
> > I've just been told that it was a DoS. No details.
>
> Unlikely, Akamai is an overlay network & the root content
> node is not reachable.
> Akamai can in real time spread web traffic throughout their
> global network of servers, diluting a DoS to the point it is
> not significant. It is more likely that the complexity of the
> overlay network was the cause. Last week it was a DNS issue
> and it seemed much the same this week. Provided you know the
> IPs of the content servers you would find they were still
> up. At least that was what I was seeing.
>
> Here is some info on Overlay Networks:
> http://nms.lcs.mit.edu/ron/
> http://nms.lcs.mit.edu/ron/#papers
>
> Dr. Anderson's "Mayday: Distributed Filtering for Internet Services"
> is quite interesting.
> http://nms.lcs.mit.edu/papers/mayday-usits2003/paper.html
>
> --
> James H. Edwards
> Routing and Security Administrator
> At the Santa Fe Office: Internet at Cyber Mesa
> jamesh[ at ]cybermesa.com noc[ at ]cybermesa.com
> (505) 795-7101

_______________________________________Bob


scosol
to james, full-disclosure
Jun 15 (4 days ago)
james edwards wrote:

>>I don't think so- yeah a DOS against the content nodes isn't gonna do
>>much but a DOS against their nameservers is fully workable.
>
>
> Akamai seems to be saying the NS was functioning:
>
> The spokesman denied however that it was an outage and ****said that the
> Akamai name service continued to function throughout the attack**** which
> ended around two hours later.

That's BS-

See these Symantec and Apple graphs- the outage was clearly at the DNS
level:

http://anon.scosol.speedera.net/anon.scosol/apple_outage.png
http://anon.scosol.speedera.net/anon.scosol/symantec_outage.png

It's my 24/7 job to monitor Akamai :)



_______________________________________scosol
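
The question argued in the exchange above (names failing to resolve while the content servers still answer on their addresses) can be checked mechanically. The following is an added example, not code from the thread or from Akamai; the hostnames, addresses and the `last_known_ips` cache are constructed assumptions using documentation ranges.

```python
import socket
from collections import Counter
from typing import Dict, List, Optional


def system_resolve(hostname: str) -> Optional[List[str]]:
    """A-record lookup through the system resolver; None means the lookup failed."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return None
    return sorted({info[4][0] for info in infos})


def tcp_connect(ip: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(hostname, last_known_ips, resolve=system_resolve, connect=tcp_connect, port=80):
    """Place a failure at the name-service layer or the content layer.

    last_known_ips is a cache of addresses recorded while the site was healthy
    (an assumption of this example; a monitor would keep it up to date).
    """
    resolved = resolve(hostname)
    if resolved:
        # Name service answers: any failure now lies with the servers themselves.
        return "healthy" if any(connect(ip, port) for ip in resolved) else "content-layer"
    # Lookup failed: probe the servers directly by address.
    if any(connect(ip, port) for ip in last_known_ips):
        return "dns-layer"      # servers up, only the names are gone
    return "unreachable"        # cannot separate DNS failure from a wider outage


def summarize(verdicts: Dict[str, str]) -> Dict[str, int]:
    """Count verdicts across all monitored names."""
    return dict(Counter(verdicts.values()))


# Constructed sample data (documentation names and address ranges, not measurements).
SAMPLE_DNS = {
    "www.cdn-customer.example": None,             # lookup fails
    "update.cdn-customer.example": None,          # lookup fails
    "www.self-hosted.example": ["198.51.100.7"],
    "www.broken-origin.example": ["203.0.113.9"],
    "www.dark.example": None,                     # lookup fails
}
SAMPLE_LAST_KNOWN = {
    "www.cdn-customer.example": ["192.0.2.10"],
    "update.cdn-customer.example": ["192.0.2.11"],
    "www.self-hosted.example": ["198.51.100.7"],
    "www.broken-origin.example": ["203.0.113.9"],
    "www.dark.example": ["203.0.113.50"],
}
SAMPLE_UP = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}


def run_sample() -> Dict[str, str]:
    """Run the triage offline against the constructed sample."""
    return {
        host: triage(
            host,
            SAMPLE_LAST_KNOWN[host],
            resolve=SAMPLE_DNS.get,
            connect=lambda ip, port: ip in SAMPLE_UP,
        )
        for host in SAMPLE_DNS
    }


if __name__ == "__main__":
    verdicts = run_sample()
    for host, verdict in verdicts.items():
        print(f"{host:32s} {verdict}")
    print(summarize(verdicts))
```

With the default `resolve` and `connect` arguments the same function probes live hosts; several names on one provider returning `dns-layer` together is the pattern described in this thread.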


Darren Reed
to james, full-disclosure
Jun 15 (4 days ago)
> "Young called it a "large scale, international attack on Internet
> infrastructure." However, there was no evidence that non-Akamai
> infrastructure was affected."
>
> http://apnews.excite.com/article/20040615/D837KIU00.html
>
> Regards,
> Brent

I'm curious to know if organised crime was involved or was it
some rogue hacker/group or just a technical glitch?

Reports say the attack stopped after ~2 hours but why?

Someone must have "called it off" but in response to what?

If so, was it just a demonstration of "power" or something else?

After reading about extortion attempts by various groups that use
DoS tactics to impact web sales, clearly the nature of all DoS
attacks against large sites must be looked at in more depth to
get a good picture of what is happening.

This is a whole new play ground for organised crime, mostly thanks
to Microsoft. You've got millions of PC's around the world that
are largely, in one way or another, susceptible to computer virii,
making them open targets for use as minions. And the perfect seed
for spreading them is the databases of email addresses used by
spammers...

What's interesting is that in contrast to old-school protection
rackets, there appears to be no offering of protection from attack
by others.

Darren



_______________________________________Darren


tcleary2[ at ]csc.com.au
to full-disclosure
Jun 16 (3 days ago)
Darren Reed said:

>What's interesting is that in contrast to old-school protection
>rackets, there appears to be no offering of protection from attack
>by others.

IIRC the main purpose of DoS attacks ( apart from kiddie fights )
is to allow a trust exploit/MITM to succeed - e.g. session hijacking.

Maybe someone wanted to plant something by pretending to be the
WindowsUpdate site?

If you're akamai'd, poisoning DNS would be harder, but changing
IP address wouldn't seem unusual, would it?

Regards,

tom.

----------------------------------------------------------------------------------------
Tom Cleary - Security Architect

"In IT, acceptable solutions depend upon humans - Computers don't
negotiate."
----------------------------------------------------------------------------------------

_______________________________________tcleary2[ at ]csc.com.au


Paul Schmehl
to full-disclosure
Jun 16 (3 days ago)
--On Wednesday, June 16, 2004 11:53:23 AM +1000 Darren Reed
<avalon[ at ]caligula.anu.edu.au> wrote:
>
> This is a whole new play ground for organised crime, mostly thanks
> to Microsoft. You've got millions of PC's around the world that
> are largely, in one way or another, susceptible to computer virii,
> making them open targets for use as minions. And the perfect seed
> for spreading them is the databases of email addresses used by
> spammers...
>
If networks simply took responsibility for the traffic that comes from
them, this problem wouldn't exist. It's completely trivial to find
infected hosts on a network through passive monitoring. They should then
be disconnected until they are properly cleaned and secured.

Unless networks begin doing this routinely (including ISPs), legislation
will be introduced to "solve" the problem, and then we will all be much
worse off. There's nothing like a law to completely screw things up.

Paul Schmehl (pauls[ at ]utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/



_______________________________________Paul


Peter van den Heuvel
to full-disclosure
Jun 16 (3 days ago)
Paul Schmehl wrote:
> If networks simply took responsibility for the traffic that comes from
> them, this problem wouldn't exist.
Indeed. DNS's, AS's and what not else is required to make the internet
tick; all is centrally controlled and delegated. What's missing is a
flanking reverse of responsibilities. It's idiotic that providers or even
full countries can completely ignore / reject any complaint without
having their AS or DNS taken down.

> Unless networks begin doing this routinely (including ISPs), legislation
> will be introduced to "solve" the problem, and then we will all be much
> worse off. There's nothing like a law to completely screw things up.
Amen!

Peter



_______________________________________Peter


Ron DuFresne
to Paul, full-disclosure
Jun 16 (3 days ago)

Might as well toss in egress filtering to prevent many of the abuses of
spoofing that happen in the present env of the internet. The ISP and
others will claim that this is far too costly for their routers to handle,
but, for the vast majority of sites, this is likely to not be as costly as
the network folks are claiming as a way to avoid doing a tad bit more work
in their router configs. Some of the worst sites for spoofing abuses, and
those that have networkies that will complain the loudest, are the .edu's.

Thanks,

Ron DuFresne

[SNIP]

> >
> If networks simply took responsibility for the traffic that comes from
> them, this problem wouldn't exist. It's completely trivial to find
> infected hosts on a network through passive monitoring. They should then
> be disconnected until they are properly cleaned and secured.
>
> Unless networks begin doing this routinely (including ISPs), legislation
> will be introduced to "solve" the problem, and then we will all be much
> worse off. There's nothing like a law to completely screw things up.
>
> Paul Schmehl (pauls[ at ]utdallas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.



_______________________________________Ron
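
The two controls raised above, passive monitoring for infected hosts (Paul Schmehl) and egress filtering against spoofed sources (Ron DuFresne), can both be expressed as checks over outbound flow records at a site's border. This is an added example, not code from the thread; the site prefix, the fan-out threshold and the flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the address space this site is entitled to source traffic from.
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Assumption: distinct destinations on one port, per window, treated as abnormal.
FANOUT_THRESHOLD = 20


def build_sample_flows():
    """Constructed outbound flow records: (source, destination, destination port)."""
    flows = [
        ("192.0.2.15", "198.51.100.20", 80),     # ordinary client traffic
        ("192.0.2.15", "198.51.100.21", 443),
        ("10.9.8.7", "203.0.113.5", 80),         # private source leaving the site
        ("198.51.100.99", "203.0.113.5", 80),    # another network's address as source
    ]
    # One internal host touching 40 different addresses on a single port.
    flows += [("192.0.2.77", f"203.0.113.{i}", 445) for i in range(1, 41)]
    return flows


def is_site_source(src, prefixes=SITE_PREFIXES):
    """True if the source address belongs to the site's own prefixes."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in prefixes)


def analyse(flows, prefixes=SITE_PREFIXES, threshold=FANOUT_THRESHOLD):
    """Return (spoofed_flows, suspect_hosts) for one observation window.

    spoofed_flows: flows an egress filter would drop, because the source is
                   not an address the site owns.
    suspect_hosts: internal hosts whose per-port fan-out meets the threshold,
                   the scan-like pattern that passive monitoring looks for.
    """
    spoofed = []
    fanout = defaultdict(set)
    for src, dst, port in flows:
        if not is_site_source(src, prefixes):
            spoofed.append((src, dst, port))
            continue
        fanout[(src, port)].add(dst)
    suspects = sorted(
        {src for (src, _port), dsts in fanout.items() if len(dsts) >= threshold}
    )
    return spoofed, suspects


if __name__ == "__main__":
    spoofed, suspects = analyse(build_sample_flows())
    print("would be dropped by egress filter:", spoofed)
    print("hosts to isolate and clean:", suspects)
```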


valdis.kletnieks[ at ]vt.edu
to Peter, full-disclosure
Jun 16 (3 days ago)
On Wed, 16 Jun 2004 21:26:45 +0200, Peter van den Heuvel <peter[ at ]bank-connect.com> said:
> Indeed. DNS's, AS's and what not else is required to make the internet
> tick; all is centrally controlled and delegated. What's missing is a
> flanking reverse of responsibilities. It's idiotic that providers or even
> full countries can completely ignore / reject any complaint without
> having their AS or DNS taken down.

In other arenas, they call the concept "diplomatic immunity"....



_______________________________________valdis.kletnieks[ at ]vt.edu


Peter van den Heuvel
to full-disclosure
Jun 16 (3 days ago)
Yo!

> In other arenas, they call the concept "diplomatic immunity"....
Indeed. And is almost as idiotic there. But the issue is that the
Internet does not have any "reverse responsibility" mechanism; an evil
minor-player under a lax-average-provider can do whatever he feels that
suits him best, and disregard majority opinion. An anarchy without even
fundamental feedback regulatory mechanisms is simply prey; me paying for
another's fortune. And the least thing that would work is governments
imposing their preferences. So maybe ICANN and the likes should consider
some form of responsibility in these matters.

Alas, Peter



_______________________________________Peter


gabriel rosenkoetter
<gr[ at ]eclipsed.net> to full-disclosure
Jun 16 (3 days ago)
On Wed, Jun 16, 2004 at 04:57:10PM -0400, Valdis.Kletnieks[ at ]vt.edu wrote:
> On Wed, 16 Jun 2004 21:26:45 +0200, Peter van den Heuvel <peter[ at ]bank-connect.com> said:
> > flanking reverse of responsibilities. It's idiotic that providers or even
> > full countries can completely ignore / reject any complaint without
> > having their AS or DNS taken down.
> In other arenas, they call the concept "diplomatic immunity"....

In those same arenas, they call the denial of privilege by an
unrecognized entity (or entities) "anarchy". Which is one of those
things that sounds like a really good idea till you're no longer
in the de facto majority. ("They came for...")

On Wed, Jun 16, 2004 at 12:23:35PM -0500, Paul Schmehl wrote:
> Unless networks begin doing this routinely (including ISPs), legislation
> will be introduced to "solve" the problem, and then we will all be much
> worse off. There's nothing like a law to completely screw things up.

Actually, a clearly defined, limited, exact law is precisely what
we need here. We just lack any appropriate legislative body. (No
national legislature qualifies, and no international body--they
exist: NATO, UN, EU--can make a plausible claim to jurisdiction.)

--
gabriel rosenkoetter
gr[ at ]eclipsed.net


_______________________________________gabriel


Niek Baakman
to full-disclosure
Jun 17 (2 days ago)
Niek Baakman wrote:

> Hi list,
>
> akamai disappeared from the internet about an hour ago.
> (all their dns servers are dead, hence many companies that
> use akamai are unreachable: microsoft.com/liveupdate.symantec.com
> apple/some search engines)
>
> Does anyone know if it is security-related (ddos, something else).
>
> Regards,
>
> Niek

http://www.computerworld.com/securitytopics/security/story/0,10801,93875,00.html?SKC=security-93875


Regards,

Niek


_______________________________________


Darren Reed
to Paul, full-disclosure
Jun 17 (2 days ago)
In some mail from Paul Schmehl, sie said:
>
> --On Wednesday, June 16, 2004 11:53:23 AM +1000 Darren Reed
> <avalon[ at ]caligula.anu.edu.au> wrote:
> >
> > This is a whole new play ground for organised crime, mostly thanks
> > to Microsoft. You've got millions of PC's around the world that
> > are largely, in one way or another, susceptible to computer virii,
> > making them open targets for use as minions. And the perfect seed
> > for spreading them is the databases of email addresses used by
> > spammers...
> >
> If networks simply took responsibility for the traffic that comes from
> them, this problem wouldn't exist. It's completely trivial to find
> infected hosts on a network through passive monitoring. They should then
> be disconnected until they are properly cleaned and secured.
>
> Unless networks begin doing this routinely (including ISPs), legislation
> will be introduced to "solve" the problem, and then we will all be much
> worse off. There's nothing like a law to completely screw things up.

That depends upon whose pockets the legislators responsible live in.

In America, the legislation seems loath to do anything that impedes
people making money and companies will lobby senators, congressmen to
ensure this stays the same (c.f. comments about Microsoft and others
trying to ensure that the FCC doesn't decide that VoIP people deserve
the same kind of basic service as POTS.)

In other countries, you might find the legislators are more influenced
by organised crime and so you're not likely to get as much assistance
in combatting the root cause of these problems.

But I'm sure that ISPs would argue that being forced to take responsibility
for the traffic that comes from them is an excellent example of legislation
getting in the way and screwing things up.

Darren
