On Wed, 09 February 2000, Rodney Caston wrote:
It's because people are being very closed-mouthed with this, the corps either have no idea what is going on or do not wish to share what they know, and those involved with the attacks have done a good job of keeping silent. Besides, comparing Morris's worm to what is going on now is hardly fair, the net was a very different place then, and his CPU cycle hog of a program was a lot easier to deal with and detect.
In past cases, the "crackers" have eventually been caught not by closed-mouth corps and law enforcement, but by "civilians." The closed-mouthness just seems to be extending the list of victims because the later ones didn't know how to protect themselves until after they got hit. Then after a few hours of downtime, they figure out which filters to install. Wouldn't it be nice to know what filters to install to protect your web site before it gets hit?
I think we just had this discussion about that 'c' word, cooperation... and why it will never happen.
Sharing information with the edge about what's happening, and what to look for needs to happen. Why aren't the attack destination NOCs getting this info out? Three days into this, and I have *no* idea what I would be looking for if I was the notwork manager for a large undermanaged edge site (mmm, .edu). "Look for a big traffic peak" just doesn't cut it; I've got locally "more urgent" problems than watching for a blip on an mrtg. Given the highly distributed nature of this attack and thought being put into it, our lusers probably realize this and are *avoiding* pegging individual ingress wires excessively. Until large numbers of sites are educated about exactly what's going on right now, and what they need to do their part of fixing it (with text for linux HOWTO level of clue; what many high-bandwidth capable sites are running w/ now), NOC staff isn't going to be sleeping much. Glad it's not my problem right now. Now, do you see the problem in this attitude? How many edge network managers are thinking exactly this way?
participants (5)
- Daniel Hagerty
- John Hawkinson
- Randy Bush
- Rodney Caston
- Sean Donelan