On 14 Jan 2003, Paul Vixie wrote:
This is alarming, considering the increase in attacks against infrastructure, and the sophistication of attacks over the last year. And we still use basically the same ineffective techniques to counteract and track attacks that became household words two years ago.
yes.
I suspect a very effective worm would change this pretty quickly, most likely through onerous regulation. It's surprising that it hasn't happened already.
i've had absolutely no luck getting the source isp's to care about the problems i've seen at my home firewall in recent weeks. (see below if you wonder whether i'm implicating anyone here.) there's no other way to view the internet than as a worm-infested zombie.
One problem with notifications typically (that I've seen) is that there is no one to notify... there may be an email address, but most likely that's not even watched/read/responded-to/reacted-upon. From my experience we receive less than 1 in 3K responses :( For UUNET I know that there is a response and action on 'all' complaints, provided there is enough info to take some action. NOTE, that action might not be 'disconnect' it might be 'notify downstream customer'... but at least someone is doing something :) And there is a 24/7 security group responsible for dealing with live incidents. This is also not very common at most organizations. :( To start fixing this problem every ISP really needs some security folks dedicated to customer security issues... These folks need to have the ability to contact customers and shut off services until the problem has been rectified. Hopefully, once there are security folks at all ISPs the ISPs will be able to speak intelligently and civilly to each other to cooperate and contain problems.
(this is a grep of just the port scans and attacks against ftp here.) -- snipped --