Only if that script kiddie doesn't have a couple hundred DDoS drones, and most have quite a few more than that. The probelm with these zombie networks is that they could be controlled from a 14.4 dialup and still knock out anything but the biggest infrastructure links on the internet. Active cooperation is needed from abuse departments for the victims of these attacks so that the compromised hosts are shut off quickly. On Sun, 12 Oct 2003 10:33:18 -0500 "Bryan Heitman" <bryan@bryanheitman.com> wrote:
Would you perhaps have more underlying problems if a "script kiddie" on a dialup can attack you in such a way to impact your service?
Bryan ----- Original Message ----- From: "Brian Bruns" <bruns@2mbit.com> To: "Matthew S. Hallacy" <poptix@techmonkeys.org>; "Matt" <acheron@qwest.net>; <nanog@merit.edu> Sent: Sunday, October 12, 2003 10:20 AM Subject: Re: Abuse Departments
----- Original Message ----- From: "Matthew S. Hallacy" <poptix@techmonkeys.org> To: "Matt" <acheron@qwest.net>; <nanog@merit.edu> Sent: Sunday, October 12, 2003 3:18 AM Subject: Re: Abuse Departments
Most places will take care of abuse issues if they get to the right person, but some places simply won't wake up their network admin at 11:00 on a saturday night because some script kiddie's DSL is getting attacked by another script kiddie on IRC.
Watch yourself poptix - you don't have such a squeaky clean past either.
Point is this. If your network/servers are being used in an attack
against
someone else, you can be held responsible if you do not act in a timely manner.
This "script kiddie's DSL" is actually a shared setup with several servers on the end of it and a firewall. What happens to it also affects me and my customers. When my customers go down, I get complaints.
Now, if your network was attacking mine from a comprimised box, and you failed to act in a timely fashion, regardless if its a DSL or a T1 or a dialup for that matter, I'd either sue you myself for allowing the attack to continue, or give my customers your info and let THEM sue you for it.
-- Andrew D Kirch | trelane@2mbit.com | Security Admin | Summit Open Source Development Group | www.sosdg.org