Obviously NATO is not concerned with proving the culprit of an attack an albeit close to impossibility. Considering that many attackers compromise so many machines, what's to stop someone from instigating. I can see it coming now:
hping -S 62.128.58.180 -a 62.220.119.62 -p ++21 -w 6000 hping -S 62.220.119.62 -a 62.128.58.180 -p ++21 -w 6000
Lets try to seperate the attacks into those that we (NANOG) have dealt with and those that NATO are referring to - and there is *no* overlap between the two.
Attacks such as botnets, hpings, compromised machines, DDOS attacks, site defacements, prefix hijacks is what this list deals with, sometimes well and other times not.
The attacks NATO is referring to are ones like causing trains to crash into each other, attacks causing oil and gas pipelines to overload and explode, attacks altering blood bank data, attacks poisoning the water supply, etc. - all of which can be done remotely.
NATO is in no way (unless they have been out in the sun too long) condoning an attack for a DDOS attack. I think NATO is discussing attacking if 5,000 people die from some cyber attack as listed above (I have many more scenerios).
That's a great starting place, because most will agree that such attacks would be sufficiently serious to warrant a response. However, 1) What happens when the attack moves on down the scale, towards "a cyber attack that crippled vital military communication networks (but didn't kill anyone)", or "a cyber attack that crippled government websites (but was basically just a nuisance)"? 2) What happens when a decision is made to play tit for tat, and A attacks B, B misidentifies A as C, and B attacks C with cyber warfare? "Cyber warfare" responses will almost certainly need to include DoS capabilities. This is troublesome. Let's consider, for the sake of discussion, an attack by the US on Elbonia. Everyone here knows how the 'net works; Elbonia isn't going to allow the US military to run a bunch of fiber to their border and hook up to their routers. That traffic will have to arrive via existing commercial connectivity. How exactly will that work? How exactly will that impact the carriers who are also running their normal traffic for other locations on the same networks? Some I've talked to seem to think that this is an unlikely or even unthinkable situation, but let's be realistic: if you want to render an enemy's radio communication useless, you flood their radio spectrum, etc., and at some point, it's not unthinkable to the average politician to expect to be able to do the same thing to a network. It's not unthinkable, alas. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.