Peter/ I am not sure about last smurf incident, but don't overestimate _dark minds_ caused this incident. I am 99.9% shure all (ALL) this incidents complained about in NANOG was the same _kidscripts_. This do not mean you should not prevent the possibility of _cyberterrorism_, and let's this _kid's plays_ help to pay attention to the security holes we have over the Internet. On Thu, 14 Jan 1999, Peter Swedock wrote:
Date: Thu, 14 Jan 1999 15:13:34 +0000 From: Peter Swedock <pswedock@bbnplanet.com> To: Phil Howard <phil@whistler.intur.net>, Brandon Ross <bross@mindspring.net> Cc: nanog@merit.edu Subject: Re: Solution: Re: Huge smurf attack
On Jan 13, 1:23pm, Phil Howard wrote:
Filtering .0 and .255, or filtering echos or ICMPs, are all indeed a form of "fixing" the symptom. These things are being done because fixing the cause isn't practical.
But what is the cause? Is it that kids with scripts will attack and try to bring down an IRC server or the network that hosts it? Or is it that they have the scripts in the first place? Or is it that they are using networks that allow them to do this in the first place?
I think blamin' the 'scriptkidz' in this instance isn't accurate. I think this incident had a political component that is overlooked here, and one that requires discussion. And that this smurfing was, quite possibly, an answer to that political component.
I'm speaking about the "Nuremburg Files" which is downstream of Mindspring. For those of you who don't know, this page is a listing of abortion providers, clinic workers and their respective spouses. Those abortion providers and clinic workers who have been killed are struck-through on this page, those who have been wounded, or who have stopped providing abortions for whatever reason, are grayed out and those remaining are, for lack of a better term, targeted, through the collection of personal information (licsense plate numbers, home addresses, phone numbers, etc...)
I bring this up, not to discuss content, but because a lawsuit has been brought, and which began Friday, against this page charging that it is a hit-list that crosses the line of free speech into incitement to violence. The suit has received some national attention (was prominently featured on the CNN webpage) and appears to be, at present, ground zero for the pro-life/pro-choice debates...
Given all that, is it hard to beleive that some-one, moderately skilled in networking but extreme in political views, attempted to shut down this page by shutting down Mindspring?
This is the real world, people. This isn't the goodgeeks vs. the skriptkiddiez in their own private internet bubble. It is entirely plausible (even likely, given the timing of the case opening Friday, the subsequent publicity and the "huge smurf attack" Saturday...) that this was a political act, and guess what... we're squeezed in the middle. It ain't about which side of the debate any on NANOG will fall on, but the fact that the debate may be falling on us.
The cause of burglaries and thefts is bad people.
But the cause of political terrorism is extreme people. I think that, if this smurf attack was in response to the web page "The Nuremburg Files", it is an act of terrorism in response to an act of terrorism: that is to say the page is extreme, so why do we not expect responses to it to be extreme? And, in the middle, network engineers putting out the fires... networks being the battlegrounds that these people have chosen.
I admire Mindspring's position of making Internet access unrestricted. But what is the real motivation? Is it the goal of "perfect IP" or is the business case of decreasing tech support costs? They are, afterall, in the business of providing consumer dialup access, and as we all know that line of business is very costly in areas of tech support. Network attacks are also a real cost. I would suggest that treating some of the symptoms, at least for now, will cut some costs until the day that we can achieve the utopian goal of the perfect solution to the cause.
But if you want "unrestricted internet access" you'll get pages like "The Nuremburg Files" and you'll get people who object to that...
I don't know what the solution is... but I do think we'll all be better off opening our eyes to the situation, rather than simply blaming the 'skriptkiddiez'.
Peace,
Petr
-- "Everything should be made as simple as possible, but not simpler" A. Einstein
Petr Swedock, Associate Engineer | Network Operations ,o __|-. GTE INTERNETWORKING, POWERED BY BBN ,_~o/ \/ \ ph: 781.262.6300/781.262.6541 |/ | fax: 781.262.6234 / > | ' ` | email: pswedock@bbnplanet.com/pswedock@gtei.net | ______________________________________________________________|
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)