The main problem with these kiddies is not _law_. It is _communication between ISPs_ and _their ability to trace something_. In theory, any attack can be traced to its origins. You need a lot of time, you need good IP accounting, a few filters; then you need to find zombied computers and install your own trojans to trace back the hackers who use these zombies. It is easy to do in such a country as Russia - I always could call my colleagues from another ISP, ask them something, ask a computer owner to allow me to install my own software on his zombied system, etc. etc. When these traces led us out to Europe, everything became slower but _yet_ possible (it was 2 or 3 years ago). When the traces came into the USA, you were stuck with an 800 phone number, _Enter your account number_ / all our representatives are busy / brainless support engineers of the first level and inability to find someone skilled / privacy concerns, etc. etc...

I can give a very good example here. A lot of kiddies used 'ftp.technotronyc.com' as a store for the trojan packets. If someone investigated the logs of this ftp and looked at _where /I mean IP addresses/ linux trojan kit 3 (for example)_ was downloaded, he definitely had a chance to find approximately 100 - 200 zombied systems over the world (because every time _these particular hackers_ broke into some linux, they downloaded lrk3, sniffers and other tools directly from this ftp server). If someone installed his own trojan into the pre-built sniffers, they could have a chance to receive a notification about broken and sniffed systems over the world. Etc. etc. Guess if we ever could find any person from ftp.technotronic.com? Of course, we could not... Just the same thing was about Exodus and the home pages hackers keep on it - no chance of being understood... We never asked them to give us this information, we asked only to collect it and investigate it (and we never dreamed the FBI could participate and help).

Talking about _law_. I know Russian law, it's not a problem to prosecute a hacker if you have evidence. And you don't even need a lot of it. In my understanding, it's more a communication problem, not a legislation one and not a technical one...

Alex Roudnev.

----- Original Message -----
From: <up@3.am>
To: <nanog@merit.edu>
Sent: Thursday, July 12, 2001 1:07 PM
Subject: Re: DDoS attacks
That's obviously a big issue, but not unaddressable...most countries have laws against this sort of thing. At some point, somebody's going to deal with an unresponsive government by blackholing entire regions...certain APNIC blocks come to mind. Any network where DDoS perpetrators can operate with impunity will eventually be considered too dangerous to NOT blackhole.
We haven't arrived at that point yet because A) DDoS attacks haven't gotten so out of hand that it's stopping big businesses in their tracks continuously (but it may, soon) and B) At this point, NONE of the governments (including the US) are sufficiently responsive to the point where any particular region could be blackholed (but this will change as point A changes) to any effect.
On Thu, 12 Jul 2001, Alexei Roudnev wrote:
One important notice - most of these kiddies are not from the USA.
----- Original Message -----
I can't help but believe that if even 20% of them were caught and had to spend just a little time (even hours) with the cops, and had their peecees confiscated, you'd not be seeing nearly the problems we are now.
James Smallacombe
PlantageNet, Inc. CEO and Janitor
up@3.am
http://3.am