On Fri, Jan 17, 2003 at 06:38:08PM +0000, Christopher L. Morrow wrote:
On Fri, 17 Jan 2003, John Kristoff wrote:
impractical). If the sources can be tracked, perhaps they can be stopped (but large number of sources make this a scaling issue and sometimes not all responsible parties are as cooperative or friendly as you might like). There is also the threat of legal response, which could encourage networks and hosts to stop and prevent attacks in the
Legal response to the kiddies has never shown a marked improvement in their behaviour. Much like the death penalty... its just not a deterrent, perhaps because its not enforced on a more regular basis, perhaps because no one thinks about that before they attack.
I think John was more referring to legal action against networks and hosts used in the attack. Without getting too much into the likelihood of any legal body actually understanding anyone's role in an attack besides the attacker and the victim, in this land where tobacco companies are sued by smokers who get lung cancer and fast food restaurants are sued by fat people there must be room for such cases as: "XYZ Corp cost me $5mil in lost business. They were negligent in securing their (network|host) from being used as a DoS attack tool despite being informed of such by us both before and during said attack." Perhaps this would cause companies to take security more seriously? Have there been any such cases to date? Did they win? -c