On Tue, 16 Jun 1998, Michael Dillon wrote:
Government scrutiny is headed our way http://www.fcw.com/pubs/fcw/1998/0615/fcw-frontcyber-6-15-1998.html
The feds are worried that it is too hard to track down cyber attackers. Although the article doesn't say this explicitly I expect that it won't be long before we see politicians calling for some sort of mandated tracing capabilities between network providers
Since it's already difficult to track down attacks, I feel that any intervention on THIS MATTER would be welcomed by many people. What we must be cautious about is giving the goverment too much power in this matter. I fear big goverment, this often means more taxes, and inefficiency.
And since IOPS http://www.iops.org/ is hosted by a government funded agency located on the outskirts of DC, I expect that it will be involved in this whole thing.
If we could track attacks to their source more quickly, then government would not feel the need to intervene. This may require some changes to router software but unless network operators ask for the changes, the manufacturers will not do it.
I agree with you fully. I feel that few networks practice good security. Network Engineers and Operators need to be more proactive when it comes to security. In my last gig, I had a small network but we had a secure network and we prosecuted to the fullest extent of the LAW. That's what need to happen. If we can avoid government interventions to make this happen then let's do it.
We need some sort of protocol that will recursively track spoofed source address packets back to their source one hop at a time. Given a destination address the protocol would track it to the previous hop router and recurively initiate the same tracking procedure on that router. Once the attack is tracked to the source, the probe would unroll and report the results to all routers along the probe path for logging or reporting.
I have few questions about this. Do we run it on the router? If yes what type CPU and Memory load can we expect? We must realise that the router are usually doing full BGP with upstreams and processing many different things on locally. Anything we do cannot take way from the proformance of a router.
We have seen that when misconfigured equipment can be quickly identified, such as the smurf amplifiers, then we can apply pressure and get things fixed. Similarly if we can quickly identify the source of a spoofed source address attack then we can apply pressure to get filters in place and have people arrested or secure an insecure machine as the case may be.
-- Michael Dillon - Internet & ISP Consulting Memra Communications Inc. - E-mail: michael@memra.com http://www.memra.com - *check out the new name & new website*
Cheers Moe H.