In message <52F17931.40604@alter3d.ca>, Peter Kristolaitis writes:
> On 2/4/2014 5:00 PM, Mark Andrews wrote:
>> Nope: it's easy to explain; you merely have to be a cynical bastard:
>> Attack traffic takes up bandwidth.
>> Providers sell bandwidth.
>> It *is* in their commercial best interest (read: maximizing shareholder value) *NOT* to filter out DOS, DDOS, and spam traffic until their hand is forced -- it's actually their fiduciary duty not to. Then they need to be made criminally liable for the damage that it causes. Yes, the directors of these companies need to serve gaol time.
> That would never fly, because it would put the politicians at odds with the telecom buddies that make huge political donations. Hard to throw someone in jail then hit them up for campaign money. What will probably happen is the same thing we do with everything else that might be used for evil purposes but where we don't want to tackle the real underlying problem -- just write a law banning something and hope the problem goes away.

No, you write a law requiring something, e.g. BCP 38 filtering by ISPs, and you audit it. You also make the ISPs' directors liable for the impact that results from spoofed traffic from them. Making it law puts all the ISPs in the country on an equal footing with respect to implementation costs.

> Make it illegal to possess a device capable of bandwidth greater than 33.6Kbps without a special license, and BAM -- no more problems, overnight. For added political-style points, tack on a catchy moniker, like "Immoral Bandwidth Prohibition", "The War on DDOS", or "High-Capacity Digital Assault Bandwidth" to help sell it to the public. The public will be OK with their funny cat videos taking 19 hours to load if they know they're preventing bad guys from doing something evil.

If you have millions of compromised customers it doesn't matter what bandwidth limits they have. You can still launch an amplifying reflection DDoS from hosts behind 300 baud links.

> After all, it's worked flawlessly for alcohol, drugs and guns, so it MUST work for networks... and it's much easier than those silly, so-called "solutions" y'all are talking about! :p

Regulation and audits work well enough for butchers, restaurants, etc. Remember, once BCP 38 is implemented it is relatively easy to continue. The big step is getting it turned on in the first place, which requires having the right equipment. Now if we could get equipment vendors to stop shipping models without the necessary support it would help, but that also may require government intervention.

> - Pete
>
> (P.S. Dear politicians: in case you're reading this, the above was satire and should not be construed as anything resembling a good idea.)

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
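A small added model of the BCP 38 ingress filtering discussed in this thread (example code written for this page, not from the thread, ISC, or any vendor). It shows why a customer port that only admits its own delegated source prefixes stops forged-source packets before a reflector can amplify them, regardless of how slow the customer's link is; the prefixes, addresses and the amplification factor are constructed documentation-range values.

```python
# Added example: BCP 38 / RFC 2827 style source-address validation on an ISP
# customer port. All addresses below are constructed documentation ranges.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str   # source address as written on the wire (may be forged)
    dst: str
    size: int  # bytes on the wire


class BCP38IngressFilter:
    """Permit only sources inside the prefixes delegated to this customer port."""

    def __init__(self, assigned_prefixes):
        self.prefixes = [ipaddress.ip_network(p, strict=True) for p in assigned_prefixes]

    def permits(self, packet):
        # ip_network.__contains__ already returns False across IPv4/IPv6.
        src = ipaddress.ip_address(packet.src)
        return any(src in prefix for prefix in self.prefixes)


def apply_filter(filt, packets):
    """Split customer-originated packets into (forwarded, dropped)."""
    forwarded = [p for p in packets if filt.permits(p)]
    dropped = [p for p in packets if not filt.permits(p)]
    return forwarded, dropped


def reflected_bytes_to(victim, packets, amplification):
    """Bytes an open reflector would return to `victim` for packets carrying the
    victim's address as source, given the service's (assumed) amplification."""
    return sum(p.size * amplification for p in packets if p.src == victim)


# Constructed traffic from one customer port: two legitimate queries and one
# query whose source was forged to the victim's address, aimed at an open resolver.
CUSTOMER_PREFIXES = ["198.51.100.0/24", "2001:db8:100::/48"]
VICTIM, REFLECTOR = "203.0.113.10", "192.0.2.53"
TRAFFIC = [
    Packet("198.51.100.7", REFLECTOR, 60),            # legitimate IPv4 source
    Packet(VICTIM, REFLECTOR, 60),                    # forged source: dropped by BCP 38
    Packet("2001:db8:100::7", "2001:db8:2::53", 80),  # legitimate IPv6 source
]


def demo(amplification=50):
    filt = BCP38IngressFilter(CUSTOMER_PREFIXES)
    fwd, drop = apply_filter(filt, TRAFFIC)
    return {
        "forwarded": len(fwd),
        "dropped": len(drop),
        "victim_bytes_unfiltered": reflected_bytes_to(VICTIM, TRAFFIC, amplification),
        "victim_bytes_filtered": reflected_bytes_to(VICTIM, fwd, amplification),
    }


if __name__ == "__main__":
    print(demo())
```

In production this check is an interface ACL or strict unicast RPF; strict uRPF needs care on multihomed customer ports where return paths are asymmetric (RFC 3704 covers the variants).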